configure RBAC for restoring mailboxes to recovery database

request/issue: customer wants to be able to restore mailboxes to recovery database

recommended solution:

step 1: Find which role has the role entry
use this cmdlet to find out:

Get-ManagementRoleEntry “*Restore-Mailbox” | fl Name,Role
result:
Name : Restore-Mailbox
Role : Disaster recovery

step 2: Create a new role for eg ServerAdmins-Restore-Mailbox that inherits all the permissions of ‘disaster recover’ built in role

for eg New-ManagementRole -Name ‘ServerAdmins-Restore-Mailbox’ -Parent ‘Disaster recovery’

Step 3: Add the newly created role to the role group using shell or ECP

Note: You can choose to ONLY allow restore-mailbox cmdlet to the “serveradmins-restore-mailbox” role
by using this command:

Add-ManagementRoleEntry “ServerAdmins-Restore-Mailboxrestore-mailbox”

use this command to view the mgmt role entries for the newly created role “serveradmins-restore-mailbox”
Get-ManagementRoleEnty “serveradmins-restore-mailbox*”

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Related

Leave a Reply Cancel reply