E14 Ticket: RBAC for Customize Role for Send Connector

-

 

 

  1. Create a role from parent role

    [PS] C:\>New-ManagementRole -Name "BQC-Send Connectors" -Parent "Send Connectors"

    2. Name RoleType
    ---- --------
    BQC-Send Connectors SendConnectors



  2. [PS] C:\>Get-ManagementRole "BQC-Send Connectors" | fl

     

    RunspaceId : c28c8c78-5d9b-4140-9d8e-7983a2c3e5cf

    RoleEntries : {(Microsoft.Exchange.Management.PowerShell.E2010) Get-DomainController -Credential -Debug

    -DomainName -ErrorAction -ErrorVariable -Forest -GlobalCatalog -OutBuffer -OutVariable -

    Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010)

    Get-ExchangeServer -Debug -Domain -DomainController -ErrorAction -ErrorVariable -Identit

    y -OutBuffer -OutVariable -Status -Verbose -WarningAction -WarningVariable, (Microsoft.Ex

    change.Management.PowerShell.E2010) Get-ReceiveConnector -Debug -DomainController -ErrorA

    ction -ErrorVariable -Identity -OutBuffer -OutVariable -Server -Verbose -WarningAction -W

    arningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-SendConnector -Debug

    -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose

    -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-Tr

    ansportServer -Debug -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer -

    OutVariable -Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.Powe

    rShell.E2010) Remove-SendConnector -Confirm -Debug -DomainController -ErrorAction -ErrorV

    ariable -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatI

    f, (Microsoft.Exchange.Management.PowerShell.E2010) Write-AdminAuditLog -Comment -Confirm

    -Debug -DomainController -ErrorAction -ErrorVariable -OutBuffer -OutVariable -Verbose -W

    arningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) S

    et-SendConnector -AddressSpaces -AuthenticationCredential -Comment -Confirm -ConnectionIn

    activityTimeOut -Debug -DNSRoutingEnabled -DomainController -DomainSecureEnabled -Enabled

    -ErrorAction -ErrorPolicies -ErrorVariable -Force -ForceHELO -Fqdn -Identity -IgnoreSTAR

    TTLS -IsCoexistenceConnector -IsScopedConnector -LinkedReceiveConnector -MaxMessageSize -

    Name -OutBuffer -OutVariable -Port -ProtocolLoggingLevel -RequireOorg -RequireTLS -SmartH

    ostAuthMechanism -SmartHosts -SmtpMaxMessagesPerConnection -SourceIPAddress -SourceTransp

    ortServers -TlsAuthLevel -TlsDomain -UseExternalDNSServersEnabled -Verbose -WarningAction

    -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) New-SendConne

    ctor -AddressSpaces -AuthenticationCredential -Comment -Confirm -ConnectionInactivityTime

    Out -Custom -Debug -DNSRoutingEnabled -DomainController -DomainSecureEnabled -Enabled -Er

    rorAction -ErrorPolicies -ErrorVariable -Force -ForceHELO -Fqdn -IgnoreSTARTTLS -Internal

    -Internet -IsCoexistenceConnector -IsScopedConnector -LinkedReceiveConnector -MaxMessage

    Size -Name -OutBuffer -OutVariable -Partner -Port -ProtocolLoggingLevel -RequireOorg -Req

    uireTLS -SmartHostAuthMechanism -SmartHosts -SmtpMaxMessagesPerConnection -SourceIPAddres

    s -SourceTransportServers -TlsAuthLevel -TlsDomain -Usage -UseExternalDNSServersEnabled -

    Verbose -WarningAction -WarningVariable -WhatIf}

    RoleType : SendConnectors

    ImplicitRecipientReadScope : Organization

    ImplicitRecipientWriteScope : Organization

    ImplicitConfigReadScope : OrganizationConfig

    ImplicitConfigWriteScope : OrganizationConfig

    IsRootRole : False

    IsEndUserRole : False

    MailboxPlanIndex :

    Description :

    IsDeprecated : False

    AdminDisplayName :

    ExchangeVersion : 0.12 (14.0.451.0)

    Name : BQC-Send Connectors

    DistinguishedName : CN=BQC-Send Connectors,CN=Send Connectors,CN=Roles,CN=RBAC,CN=MSFT,CN=Microsoft Exchange,

    CN=Services,CN=Configuration,DC=corp,DC=com

    Identity : BQC-Send Connectors

    Guid : d7f1d5bf-e01e-43f0-baba-9885db6aa0c9

    ObjectCategory : corp.com/Configuration/Schema/ms-Exch-Role

    ObjectClass : {top, msExchRole}

    WhenChanged : 1/31/2013 10:32:59 AM

    WhenCreated : 1/31/2013 10:32:59 AM

    WhenChangedUTC : 1/31/2013 2:32:59 AM

    WhenCreatedUTC : 1/31/2013 2:32:59 AM

    OrganizationId :

    OriginatingServer : BQTDC03.MSFT.corp.com

    IsValid : True



  3. [PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*"

    image


  4. [PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*" | where {($_.Name -like "Remove-SendConnector")}

    image

  5. [PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*" | where {($_.Name -like "Remove-SendConnector")} | Remove-ManagementRoleEntry

    image

     

  6. Get-ManagementRoleEntry “BQC-Send Connectors\*”

    image


  7. [PS] C:\Windows\system32>New-SendConnector -Name "BQC to Internet" -Verbose -Debug -SourceTransportServers "BQC-HUB01","BQC-HUB02" -AddressSpaces * -Internet

    image

  8. Remove-SendConnector

    [PS] C:\Windows\system32>Get-SendConnector -Identity "BQC to Internet" -DomainController rdc01.corp.com

    9. Identity                                AddressSpaces                           Enabled
    --------                                -------------                           -------
    BQC to Internet                         {smtp:*;1}                              True


    [PS] C:\Windows\system32>Get-SendConnector -Identity "BQC to Internet" -DomainController rdc01.corp.com | Remove-SendConnector

    Confirm
    Are you sure you want to perform this action?
    Removing Send connector "BQC to Internet".
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Comments

Post a Comment

Popular posts from this blog

E15 CU3–Update Failed–AD replicated Exceeded the tombstone lifetime.

-
Image
  Exchange 2013 CU3 The naming context is in the process of being removed or is not replicated http://technet.microsoft.com/en-us/library/replication-error-8452-the-naming-context-is-in-the-process-of-being-removed-or-is-not-replicated-from-the-specified-server(v=ws.10).aspx   C:\> REPADMIN /SHOWREPS Root\RDC01 DSA Options: IS_GC Site Options: (none) DSA object GUID: f1694974-47c4-4555-a214-db3c86854aeb DSA invocationID: f1694974-47c4-4555-a214-db3c86854aeb ==== INBOUND NEIGHBORS ====================================== CN=Schema,CN=Configuration,DC=lab7,DC=root     TW\AD02 via RPC         DSA object GUID: bfcc1053-e1da-46fd-8b9d-179c7992...
Read more

202301 - Exchange onpreme - PowerShell Serialization Payload Signing

-
Image
Released: January 2023 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-january-2023-exchange-server-security-updates/ba-p/3711808 https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ 1.  Update KB5022143 (Exchange SU) 2. Run latest HealthCherker 3.  PowerShell Serialization Payload Signing https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/ Certificate signing of PowerShell serialization payload in Exchange Server https://support.microsoft.com/en-us/topic/certificate-signing-of-powershell-serialization-payload-in-exchange-server-90fbf219-b0dd-4b2c-8a68-9d73b3309eb1 4.  MonitorExchangeAuthCertificate    https://microsoft.github.io/CSS-Exchange/Admin/MonitorExchangeAuthCertificate/ 5.                 New-SettingOverride -Name "EnableSigningVerification" -Component Data -Secti...
Read more

Ticket: RemoteAPP certificate revocation check error

-
Image
  . certutil -f –urlfetch -verify <your_certificate>.cer From internet client (Win7 ultimate x64) Issuer:     CN=TWCA Secure CA -Evaluation Only     OU=SSL Certification Service Provider-Evaluation Only     O=TAIWAN-CA INC.     C=TW Subject:     CN=deep2.msft.com     OU=ITS     O=Msft Corporation     L=Taipei     S=Taiwan     C=TW Cert Serial Number: 04bd dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1) dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2) dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8) dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE -------- CERT_CHAIN_CONTEXT -------- ChainContext.dwErrorStatu...
Read more