Determine Role Needed to Run Specific Exchange Cmdlets

By /

Determine Role Needed to Run Specific Exchange Cmdlets

Have you ever wondered what role(s) an account needs in order to run a particular cmdlet? This is important as most organizations follow the Principle of Least Privilege.

Let us say, for example, that we want a particular account to be able to run the Set-ActiveSyncMailboxPolicy cmdlet. What role(s) does that account need?! This is actually simple once we know which cmdlet to use to get this information.

For this example, all we need to run is:

Get-ManagementRoleEntry *\Set-ActiveSyncMailboxPolicy

 Image

Now we know that in order to run the Set-ActiveSyncMailboxPolicy cmdlet, we need to add the Recipient Policies role to the role group of the account we want to give access to.

About The Author

Nuno Mota is an Exchange MVP working as a Microsoft Messaging Specialist for a financial institution. He is passionate about Exchange, Lync, Active Directory, PowerShell, and Security. Besides writing his personal Exchange blog, LetsExchange.blogspot.com, he regularly participates in the Exchange TechNet forums and is the author of the book “Microsoft Exchange Server 2013 High Availability.”

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top