This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 57.99999999999999%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
2019 Exchange on prem, this issue started because the exchange admins could not create any security / distribution groups or shared mailboxes. Turned out to be an active directory permission missing. The list of assigned roles assigned to the Organization Management got messed up and now I am unable to remove an assigned role. The Admin role Organization Management has the message "Roles were assigned to this role group using multiple write scopes or exclusive write scopes. Therefore, you can't view the write scope or manage the assigned roles here. " Using Exchange shell set-managementroleassignment -ReciepientRelativeWriteScope Organization is not helping me remove the roles that do not belong such as MailboxSearchRole.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 71%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
After trying to reset the write scope setting back, please wait or force the AD synchronization. You can use the following command to check the CustomRecipientWriteScope again:
Get-ManagementRoleAssignment -RoleAssignee "Organization Management" | export-csv c:\location\Get-MgmtRA-OrgMgmt.csv
For your reference: Restore Organization Management Role Back to Default Settings.
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
What errors do you get when remove a role from the role group?
What about removing the unwanted role with EMS? Try this command, if you still cannot manage roles for Organization Management role group, you can post the screenshot here and don't forget to cover your personal information:
get-ManagementRoleAssignment "Mailbox Search-Organization Management"
get-ManagementRoleAssignment "Mailbox Search-Organization Management"|Remove-ManagementRoleAssignment
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 43%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Thank you for this response,
I had found that Catapult Systems website earlier this afternoon. The piece that I was missing was the code you provided. I was not sure I should just do the get-ManagementRoleAssigment and pipe that into a Remove-ManagementRoleAssignment.
What I found after exporting the Role Assignments was that some of the roles that are not assigned directly such as ApplicationImpersonation Role was assigned directly along with the delegation.
Following the list on this docs page https://learn.microsoft.com/en-us/previous-versions/office/exchange-server-2010/dd335087(v=exchg.141)?redirectedfrom=MSDN#management-roles-assigned-to-this-role-group-1 I was able to remove the roles that did not belong and all is working again.
That's great!
Yes, some roles are added with delegating assignment, and "-Delegating" is displayed in the role name. This can help us to identify the same role added manually:
Additionally, if you don't mind, we'd suggest you accept the useful reply as Answer. This may help other users will similar issues. Thanks for your understanding.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.