Exchange Permissions

Built in admin roles

the admin role concept

• 67 different admin roles and these vary in recipient and configuration scope

• roles are added to Role Groups

• 12 different built-in Admin role groups to choose from

Primary role group is Organization Management (Mailbox search role disabled by default)

Role groups are assigned roles and members are shown.

Organization Management role groups contains all roles except mailbox search and Administrators are a member

Additional roles and members can be added

Discovery Management has the Mailbox Search role assigned.














Although there are 67 default admin roles you can create additional ones or tweak the ones that exist

These roles are based on underlying PowerShell cmdlets and commands that are assigned

Use Exchange Management Shell to view information and alter information about roles

• Get-ManagementRole -Cmdlet New-Mailbox - shows management roles that has the ability to use new-mailbox cmdlet

• Get-ManagementRoleEntry "Public Folders\*" - shows what cmdlets and parameters makeup the public folder role

Get-ManagementRole -Cmdlet New-Mailbox

Get-ManagementRoleEntry "Public Folders\*"







User Roles" Role Assignment Policy

You can configure polices that grants end users permissions to set their Outlook Web App options and perform other self-administration tasks such as:

• modifying contact information
• view and modify distribution group membership
• view and modify marketplace apps

 Default Role Assignment Policy

To apply the default role assignment policy, it is done in user mailbox , mailbox features settings.














Scenario

add use to discovery management role group


create a new role group that includes the roles

• mail recipient creation
• mail recipients
• recipients policies
• public folders

create a new role assignement polcy called Full Control that allows end-users complete self-administration control and apply to end users

Apply new Full Control policy to user mailbox.