E14 Ticket: RBAC - Add role for Create connector at child domain - V1

-

 

Version 1

  1. New-SendConnector is not present in the role definition of the current user.

    image

  2. About Send-Connector role is
    http://technet.microsoft.com/en-us/library/dd876913.aspx 

    The Send Connectors management role enables administrators to manage transport Send connectors in an organization.

  3. Find Send Connectors Role
    [PS] C:\Windows\system32>Get-ManagementRole | Sort-Object Name | ft Name

    image


  4. [PS] C:\Windows\system32>    Get-ManagementRole -Identity "Send Connectors" | fl

    RunspaceId                  : 388383d1-ae70-4f8d-8c00-c07f31dc1594
    RoleEntries                 : {(Microsoft.Exchange.Management.PowerShell.E2010) Set-SendConnector -AddressSpaces -Authe
                                  nticationCredential -Comment -Confirm -ConnectionInactivityTimeOut -Debug -DNSRoutingEnab
                                  led -DomainController -DomainSecureEnabled -Enabled -ErrorAction -ErrorPolicies -ErrorVar
                                  iable -Force -ForceHELO -Fqdn -Identity -IgnoreSTARTTLS -IsCoexistenceConnector -IsScoped
                                  Connector -LinkedReceiveConnector -MaxMessageSize -Name -OutBuffer -OutVariable -Port -Pr
                                  otocolLoggingLevel -RequireOorg -RequireTLS -SmartHostAuthMechanism -SmartHosts -SmtpMaxM
                                  essagesPerConnection -SourceIPAddress -SourceTransportServers -TlsAuthLevel -TlsDomain -U
                                  seExternalDNSServersEnabled -Verbose -WarningAction -WarningVariable -WhatIf, (Microsoft.
                                  Exchange.Management.PowerShell.E2010) New-SendConnector -AddressSpaces -AuthenticationCre
                                  dential -Comment -Confirm -ConnectionInactivityTimeOut -Custom -Debug -DNSRoutingEnabled
                                  -DomainController -DomainSecureEnabled -Enabled -ErrorAction -ErrorPolicies -ErrorVariabl
                                  e -Force -ForceHELO -Fqdn -IgnoreSTARTTLS -Internal -Internet -IsCoexistenceConnector -Is
                                  ScopedConnector -LinkedReceiveConnector -MaxMessageSize -Name -OutBuffer -OutVariable -Pa
                                  rtner -Port -ProtocolLoggingLevel -RequireOorg -RequireTLS -SmartHostAuthMechanism -Smart
                                  Hosts -SmtpMaxMessagesPerConnection -SourceIPAddress -SourceTransportServers -TlsAuthLeve
                                  l -TlsDomain -Usage -UseExternalDNSServersEnabled -Verbose -WarningAction -WarningVariabl
                                  e -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) Write-AdminAuditLog -Comment
                                  -Confirm -Debug -DomainController -ErrorAction -ErrorVariable -OutBuffer -OutVariable -Ve
                                  rbose -WarningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.
                                  E2010) Remove-SendConnector -Confirm -Debug -DomainController -ErrorAction -ErrorVariable
                                   -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatIf, (Mic
                                  rosoft.Exchange.Management.PowerShell.E2010) Get-TransportServer -Debug -DomainController
                                   -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose -WarningAction -W
                                  arningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-SendConnector -Debug
                                   -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose
                                   -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-Re
                                  ceiveConnector -Debug -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer
                                  -OutVariable -Server -Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Manage
                                  ment.PowerShell.E2010) Get-ExchangeServer -Debug -Domain -DomainController -ErrorAction -
                                  ErrorVariable -Identity -OutBuffer -OutVariable -Status -Verbose -WarningAction -WarningV
                                  ariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-DomainController -Credentia
                                  l -Debug -DomainName -ErrorAction -ErrorVariable -Forest -GlobalCatalog -OutBuffer -OutVa
                                  riable -Verbose -WarningAction -WarningVariable}
    RoleType                    : SendConnectors
    ImplicitRecipientReadScope  : Organization
    ImplicitRecipientWriteScope : Organization
    ImplicitConfigReadScope     : OrganizationConfig
    ImplicitConfigWriteScope    : OrganizationConfig
    IsRootRole                  : True
    IsEndUserRole               : False
    MailboxPlanIndex            :
    Description                 : This role enables administrators to manage transport Send connectors in an organization.
    IsDeprecated                : False
    AdminDisplayName            :
    ExchangeVersion             : 0.12 (14.0.451.0)
    Name                        : Send Connectors
    DistinguishedName           : CN=Send Connectors,CN=Roles,CN=RBAC,CN=MSFT,CN=Microsoft Exchange,CN=Services,CN=Configur
                                  ation,DC=corp,DC=com
    Identity                    : Send Connectors
    Guid                        : b000eb8b-052e-4cba-9f19-fe0fb2b7aa36
    ObjectCategory              : corp.com/Configuration/Schema/ms-Exch-Role
    ObjectClass                 : {top, msExchRole}
    WhenChanged                 : 4/30/2012 3:19:02 PM
    WhenCreated                 : 10/12/2009 3:58:26 PM
    WhenChangedUTC              : 4/30/2012 7:19:02 AM
    WhenCreatedUTC              : 10/12/2009 7:58:26 AM
    OrganizationId              :
    OriginatingServer           : BQTDC01.MSFT.corp.com
    IsValid                     : True


  5. Add role "Send-Connectors" to Role Group “BQC E14 Copy of Server Management @BQC_E14_Servers”

    [PS] C:\Windows\system32>New-ManagementRoleAssignment -SecurityGroup "BQC E14 Copy of Server Management @BQC_E14_Servers
    " -Role "Send Connectors"

  6. After that,

    [PS] C:\>Get-RoleGroup -Identity "BQC E14 Copy of Server Management @BQC_E14_Servers" -DomainController rdc02.corp.com | fl

    image

Comments

Post a Comment

Popular posts from this blog

E15 CU3–Update Failed–AD replicated Exceeded the tombstone lifetime.

-
Image
  Exchange 2013 CU3 The naming context is in the process of being removed or is not replicated http://technet.microsoft.com/en-us/library/replication-error-8452-the-naming-context-is-in-the-process-of-being-removed-or-is-not-replicated-from-the-specified-server(v=ws.10).aspx   C:\> REPADMIN /SHOWREPS Root\RDC01 DSA Options: IS_GC Site Options: (none) DSA object GUID: f1694974-47c4-4555-a214-db3c86854aeb DSA invocationID: f1694974-47c4-4555-a214-db3c86854aeb ==== INBOUND NEIGHBORS ====================================== CN=Schema,CN=Configuration,DC=lab7,DC=root     TW\AD02 via RPC         DSA object GUID: bfcc1053-e1da-46fd-8b9d-179c7992...
Read more

202301 - Exchange onpreme - PowerShell Serialization Payload Signing

-
Image
Released: January 2023 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-january-2023-exchange-server-security-updates/ba-p/3711808 https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ 1.  Update KB5022143 (Exchange SU) 2. Run latest HealthCherker 3.  PowerShell Serialization Payload Signing https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ Certificate signing of PowerShell serialization payload in Exchange Server https://support.microsoft.com/en-us/topic/certificate-signing-of-powershell-serialization-payload-in-exchange-server-90fbf219-b0dd-4b2c-8a68-9d73b3309eb1 4.  MonitorExchangeAuthCertificate    https://microsoft.github.io/CSS-Exchange/Admin/MonitorExchangeAuthCertificate/ 5.                 New-SettingOverride -Name "EnableSigningVerification" -Component Data -Secti...
Read more

Ticket: RemoteAPP certificate revocation check error

-
Image
  . certutil -f –urlfetch -verify <your_certificate>.cer From internet client (Win7 ultimate x64) Issuer:     CN=TWCA Secure CA -Evaluation Only     OU=SSL Certification Service Provider-Evaluation Only     O=TAIWAN-CA INC.     C=TW Subject:     CN=deep2.msft.com     OU=ITS     O=Msft Corporation     L=Taipei     S=Taiwan     C=TW Cert Serial Number: 04bd dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1) dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2) dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8) dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE -------- CERT_CHAIN_CONTEXT -------- ChainContext.dwErrorStatu...
Read more