Create a Role Group

Applies to: Exchange Server 2010

If you want to customize the permissions that you can assign to a group of users, create a new custom management role group. For more information about role groups in Microsoft Exchange Server 2010, see Understanding Management Role Groups.

Looking for other management tasks related to administrators and specialist users? Check out Managing Administrator and Specialist Users.

Prerequisites

To create a new role group, you need to know the management roles you want to assign to it. All other properties on a role group are optional and can be added after the role is created. For a role to be functional, you must add at least one management role and at least one member.

For a list of built-in roles, see Built-in Management Roles.

What Do You Want to Do?

• Use the Shell to create a role group with no scope
• Use the Shell to create a role group with a custom recipient scope
• Use the Shell to create a role group with an OU scope

Use the Shell to create a role group with no scope

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

Note

You can't use the EMC to create a role group with no scope.

To create a role group, add members to the role group and also specify the users who can delegate the role group to other users, use the following syntax.

New-RoleGroup -Name <role group name> -Roles <roles to assign> -Members <member1, member2, member3, ...> -ManagedBy <user1, user2, user3...>

This example creates a role group that's assigned to the Transport Rules and Journaling management roles, is assigned to Joe, John, and David, and can be delegated by David and Chris.

New-RoleGroup -Name "Compliance Role Group" -Roles "Transport Rules", "Journaling" -Members Joe, John, David -ManagedBy David, Chris

For detailed syntax and parameter information, see New-RoleGroup.

Use the Shell to create a role group with a custom recipient scope

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

Note

You can't use the EMC to create a role group with a custom recipient scope.

You can create role groups with custom recipient management scopes, custom configuration management scopes, or both. To create a new role group that uses a custom management scope that you created, use the following syntax.

New-RoleGroup -Name <role group name> -Roles <roles to assign> -CustomRecipientWriteScope <recipient scope name> -CustomConfigWriteScope <configuration scope name>

This example creates a new role group that's assigned the Transport Rules and Journaling management roles and uses the Seattle Recipients recipient scope.

New-RoleGroup -Name "Seattle Compliance Group" -Roles "Transport Rules", "Journaling" -CustomRecipientWriteScope "Seattle Recipients"

You can also add members to the role group when you create it by using the Members parameter as shown in Use the Shell to create a role group with no scope earlier in this topic. For more information about management scopes, see Understanding Management Role Scopes.

For detailed syntax and parameter information, see New-RoleGroup.

Use the Shell to create a role group with an OU scope

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

Note

You can't use the EMC to create a role group with an organizational unit (OU) scope.

To create a role group that's scoped to a specific OU, use the following syntax.

New-RoleGroup -Name <role group name> -Roles <roles to assign> -RecipientOrganizationalUnitScope <OU name>

This example creates a role group that allows management only of recipients in the Vancouver Office OU.

New-RoleGroup -Name "Vancouver Office Recipients Group" -Roles "Mail Recipients" -RecipientOrganizationalUnitScope "Vancouver Office"

You can also add members to the role group when you create it by using the Members parameter as shown in Use the Shell to create a role group with no scope earlier in this topic. For more information about management scopes, see Understanding Management Role Scopes.

For detailed syntax and parameter information, see New-RoleGroup.

Other Tasks

After you create a new role group, you may also want to:

• View a List of Role Groups
• Add Members to a Role Group
• Remove Members from a Role Group
• Add a Role to a Role Group
• Remove a Role from a Role Group
• Change the Scope of Role Assignments in a Role Group
• Add or Remove a Role Group Delegate
• View the Members of a Role Group
• Change a Linked Foreign USG on a Linked Role Group