{"id":15,"date":"2014-04-30T14:24:34","date_gmt":"2014-04-30T12:24:34","guid":{"rendered":"http:\/\/blog.mvoelkl.de\/?p=15"},"modified":"2014-04-30T14:24:34","modified_gmt":"2014-04-30T12:24:34","slug":"delegate-serverrecipient-management","status":"publish","type":"post","link":"https:\/\/blog.mvoelkl.de\/?p=15","title":{"rendered":"Delegate Server\/Recipient Management"},"content":{"rendered":"<p style=\"color: #666666;\">If you like to Delegate Server and Recipient Management to a Site which has it&#8217;s own Exchange Server:<\/p>\n<pre style=\"color: #666666;\"># create a management scope to restrict access to the server only\r\nNew-ManagementScope -Name \"DELEGATED Servers\" -ServerList SERVER1<\/pre>\n<pre style=\"color: #666666;\">#create a DELEGATED role group for server management\r\n$RGS = Get-RoleGroup \"Server Management\"\r\nNew-RoleGroup \"DELEGATED Server Management\" -Roles $RGS.Roles -CustomConfigWriteScope \"DELEGATED Servers\"\u00a0\r\n\t-RecipientOrganizationalUnitScope \"domain.local\/NameOfOrganizationalUnit\"\r\nAdd-RoleGroupMember \"DELEGATED Server Management\" -Member \"delegated-exchange-g\"<\/pre>\n<pre style=\"color: #666666;\">#create a DELEGATED role group for recipient management\r\n$RGR = Get-RoleGroup \"Recipient Management\"\r\nNew-RoleGroup \"DELEGATED Recipient Management\" -Roles $RGR.Roles -CustomConfigWriteScope \"DELEGATED Servers\" \r\n\t-RecipientOrganizationalUnitScope \"domain.local\/NameOfOrganizationalUnit\"\r\nAdd-RoleGroupMember \"DELEGATED Recipient Management\" -Member \"delegated-exchange-g\"<\/pre>\n<pre style=\"color: #666666;\"># Remove the Recipient Policies Role to disallow policy changes\r\nGet-ManagementRoleAssignment -RoleAssignee \"DELEGATED Recipient Management\" -Role \"Recipient Policies\" \r\n\t-Delegating $false | Remove-ManagementRoleAssignment\r\nNew-ManagementRoleAssignment -Name \"Recipient Policies-DELEGATED Recipient Management\" \r\n\t-SecurityGroup \"DELEGATED Recipient Management\" -Role \"Recipient Policies\" -CustomConfigWriteScope \"DELEGATED Servers\" \r\n\t-RecipientOrganizationalUnitScope \"domain.local\/NameOfOrganizationalUnit\"<\/pre>\n<pre style=\"color: #666666;\"># create a Mail Recipients Role and remove ability to administer the owamailboxpolicy\r\nNew-ManagementRole \"DELEGATED Mail Recipients\" -Parent \"Mail Recipients\"\r\nGet-ManagementRoleEntry \"DELEGATED Mail Recipients\\*owa*\" | Remove-ManagementRoleEntry -WhatIf\r\nGet-ManagementRoleEntry \"DELEGATED Mail Recipients\\*owa*\" | Remove-ManagementRoleEntry<\/pre>\n<pre style=\"color: #666666;\"># Remove the Mail Recipients Role to disallow owamailboxpolicy changes\r\nGet-ManagementRoleAssignment -RoleAssignee \"DELEGATED Recipient Management\" -Role \"Mail Recipients\" \r\n\t-Delegating $false | Remove-ManagementRoleAssignment\r\nNew-ManagementRoleAssignment -Name \"Mail Recipients-DELEGATED Recipient Management\" \r\n\t-SecurityGroup \"DELEGATED Recipient Management\" -Role \"DELEGATED Mail Recipients\" -CustomConfigWriteScope \"DELEGATED Servers\" \r\n\t-RecipientOrganizationalUnitScope \"domain.local\/NameOfOrganizationalUnit\"<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you like to Delegate Server and Recipient Management to a Site which has it&#8217;s own Exchange Server: # create a management scope to restrict access to the server only New-ManagementScope -Name &#8220;DELEGATED Servers&#8221; -ServerList SERVER1 #create a DELEGATED role group for server management $RGS = Get-RoleGroup &#8220;Server Management&#8221; New-RoleGroup &#8220;DELEGATED Server Management&#8221; -Roles $RGS.Roles [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-15","post","type-post","status-publish","format-standard","hentry","category-exchange-2010"],"_links":{"self":[{"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/posts\/15","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15"}],"version-history":[{"count":1,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/posts\/15\/revisions"}],"predecessor-version":[{"id":16,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=\/wp\/v2\/posts\/15\/revisions\/16"}],"wp:attachment":[{"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mvoelkl.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}