Johnny Yao WorkSpace

    Message Tracking Role http://technet.microsoft.com/en-us/library/dd876858.aspx Although we’ve assigned “Message Tracking” role on “BQC Recipient Root” but it seems not work when tracking message on local hub servers. Now try to assign “Message Tracking” role on local site server scope. Get-ManagementRole “Message Tracking” [PS] C:\>New-ManagementRoleAssignment -SecurityGroup "BQC E14 Copy of Server Management @BQC_E14_Servers" -Role "Message Tracking"   [PS] C:\>Get-MessageTrackingLog -ResultSize Unlimited -Start "1/31/2013 01:00AM" -Sender "Andrew.Yang@MSFT.com" -Recipients "1637970000@qq.com" | ft ClientIP, ClientHostName, ConnectorID, ServerHostName,RecipientStatus

  [PS] C:\>Get-ManagementRoleAssignment -Identity "Send*" | ft Name [PS] C:\>Get-ManagementRoleAssignment "Send Connectors-BQC E14 Copy of Server Management @BQC_E14_Serve" | Remove-ManagementRoleAssignment –Confirm

    Create a role from parent role [PS] C:\>New-ManagementRole -Name "BQC-Send Connectors" -Parent "Send Connectors" Name RoleType ---- -------- BQC-Send Connectors SendConnectors [PS] C:\>Get-ManagementRole "BQC-Send Connectors" | fl   RunspaceId : c28c8c78-5d9b-4140-9d8e-7983a2c3e5cf RoleEntries : {(Microsoft.Exchange.Management.PowerShell.E2010) Get-DomainController -Credential -Debug -DomainName -ErrorAction -ErrorVariable -Forest -GlobalCatalog -OutBuffer -OutVariable - Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-ExchangeServer -Debug -Domain -DomainController -ErrorAction -ErrorVariable -Identit y -OutBuffer -OutVariable -Status -Verbose -WarningAction -WarningVariable, (Microsoft.Ex ...

  Version 1 New-SendConnector is not present in the role definition of the current user. About Send-Connector role is http://technet.microsoft.com/en-us/library/dd876913.aspx   The Send Connectors management role enables administrators to manage transport Send connectors in an organization. Find Send Connectors Role [PS] C:\Windows\system32>Get-ManagementRole | Sort-Object Name | ft Name [PS] C:\Windows\system32> Get-ManagementRole -Identity "Send Connectors" | fl RunspaceId                  : 388383d1-ae70-4f8d-8c00-c07f31dc1594 RoleEntries                 : {(Microsoft.Exchange.Management.PowerShell.E2010) Set-SendConnector -AddressSpaces...

    http://sysadmin-talk.org/2010/04/5-steps-to-heaven-creating-a-custom-rbac-role-in-exchange-2010/ http://www.networkworld.com/community/node/47428

問題定義 : 1. RBAC delgate permission (database/ recipient management) to child domain 服務範圍 : 1. Provide how to setup RBAC delegate permission (database/ recipient management) to child domain 原因說明 : 解決方式 : Symptom ===== RBAC delegation permission (database/ recipient management) to child domain Resolution ============== Commands 1.            New-ManagementScope -Name "ServerInContoso" -ServerList  EX1, EX2, EX3 2.            New-ManagementScope -name "RecipientInContoso" -RecipientRoot "Contoso.msft.corp" -RecipientRestrictionFilter {name -like '*'} –verbos 3.            $RoleGroup = Get-RoleGroup "Server Management" 4.            New-RoleGroup "Server Management - Contoso" -Roles $Role...

  http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/3d408093-5026-470d-92d5-33575ec365dd/   By default, only member of Organization Management group can run the cmdlet. Add-ADPermission http://technet.microsoft.com/en-us/library/bb124403.aspx Please also run the Exbpa in the Toolbox to do "Permission Check".