This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 50%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Is it possible to grant a normal user admin access\role to one or more Exchange 2016 mailbox so that that user can manage\admin that single mailbox or some mailboxes using Exchange Admin Center?
Environment :- Exchange 2016.
Hi @raj a ,
Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
If you are still stuck in this issue, please feel free to post your questions.
Regards,
Lou
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Sure use the built in RBAC role and the user to the Recipient Mgmt role group
or customize it:
https://learn.microsoft.com/en-us/exchange/permissions/permissions?view=exchserver-2019
Thanks Much.
I have gone through this link. We don't want to assign recipient admin or any other admin role as it will be applicable to entire exchange forest, we just want to grant the normal user admin access to particular mailbox or couple of mailboxes so that user can admin\manage that mailbox from Exchange Admin Center. is it possible?
Yes, you would create a new custom scope and new custom role using that scope and assign it to a security group and put that normal admin user into that group.
Example:
New-ManagementScope -Name "Protected Exec Users" -RecipientRestrictionFilter "Title -like 'VP*'" -Exclusive
New-ManagementRoleAssignment -SecurityGroup "Executive Administrators" -Role "Mail Recipients" -CustomRecipientWriteScope "Protected Exec Users"
The RecipientRestrictionFilter would be used to filter the access to those mailboxes
What is common about the mailboxes you want the user to manage? Same Database? etc....
https://learn.microsoft.com/en-us/powershell/exchange/recipientfilter-properties?view=exchange-ps