Custom Exchange 2013/2016 Server Role Base Access Control (RBAC)

Role group consists of the following

  • Management role group
  • Management role
  • Management role assignment
  • Management role scope
  • Membership


Create Custom RBAC

This RBAC for Custom Database, Users

  1. Create Database Scope
    1. New-ManagementScope -Name “Database Sope01” -DatabaseList DB01, DB02, DB03
  2. Get the Recipient OU (like:
  3. Create a new role group “Exchange Admin01
    1. New-RoleGroup “Exchange Admin01
  4. Create Custom Management Role from Parent one
    1. New-ManagementRole –Name “Custom recipients” –Parent “mail recipients
  5. Edit and Customize Management Role Entry
    1. Get-ManagementRoleEntry “Custom recipients\*” | Remove-managementRoleEntry

Repeat STEP until you remove all the unnecessary commands

  1. assign the Management role to Role Group
    1. New-ManagementRoleAssignment -SecurityGroup “Exchange Admin01” -Role “Custom recipients
  2. Scope and limit the Custom management Role to OU and Database
    1. get-ManagementRoleAssignment | fl name
    2. Set-ManagementRoleAssignment “Custom-Move mailboxes01-Custom Managment01” -CustomConfigWriteScope Custom-DB-Scope -RecipientOrganizationalUnitScope
  3. Add Membership to the role group (Management Role Assignment)
    1. Get-RoleGroup “Exchange Admin01” | Add-RoleGroupMember –Member “MemberName

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s