Exchange Online 365 Administration – Segmenting/Assigning User/Mailbox Management

Posted on Updated on

You can use Exchange Online Roles Based Access Control (RBAC) to accomplish segmenting out different Exchange Administrators to manage a specific set of users. For example, to grant the Recipient Management rights of each SMTP domain, use PowerShell commands like this, which creates a new Management Scope, a Role Group and then assigns an administrator for this group, which will have the rights to manage users assigned to a particular email domain:

Delegate Administration Permission Per Domain

http://outlookliveanswers.com/forums/p/7148/22420.aspx#22420

Setup a new Exchange Online Management Scope

New-ManagementScope -Name “DomainX.com Management Scope” -RecipientRestrictionFilter -RecipientRestrictionFilter {WindowsEmailAddress -like *@DomainX.com}

New Role Group

New-RoleGroup “DomainX.com Recipient Managers” -Roles “Recipient Policies”,”Mail Recipient Creation”,”Distribution Groups”,”Mail Recipients”,”Message Tracking”,”Reset Password” -CustomRecipientWriteScope “DomainX.com Management Scope”

Add Administrator to RoleGroupMember

Add-RoleGroupMember “DomainX.com Recipient Managers”  -Member “admin@DomainX.com

Note – You will need to massage some of the above parameters, such as the -Member parameter, in order to input your own Exchange Online Admin account that you want to add to the new RoleGroupMember, which is assigned to a newly created Exchange Online Management scope.

Whatcha thinkin?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s