Add second Besadmin to ManagementRoleAssignment "BES Admin EWS"
Hello,
I have created ManagementRoleAssignment -Name "BES Admin EWS" and added user Besadmin1, using the following command:
New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin1"
When I try to add the second user, Besadmin2, to "BES Admin EWS", I get the following error:
New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin2"
The object 'CN=BES Admin EWS,CN=Role Assignments,CN=RBAC,CN=companymail,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local' already exists.
Because "BES Admin EWS" already exists.
Please advise how to add a second user (Besadmin2) to "BES Admin EWS".
Thank you
September 17th, 2011 10:40am
Something like:
New-ManagementRoleAssignment -Name "BES Admin EWS2" -Role ApplicationImpersonation -User "BESAdmin2"
Or you could create a security group that contains both accounts and assign the role that way.
Role Assignment Names are unique.
September 17th, 2011 10:57am
Hello AndyD,
I already have "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin1"; it was done before.
Would you recommend:
1) Create new "BES Admin EWS2"
2) Remove user Besadmin1 from "BES Admin EWS", create a new security group, add both users Besadmin1 and Besadmin2 to the new security group, and add the group to "BES Admin EWS"?
If you recommend 2, could you please give me step-by-step instructions?
Thank you
September 17th, 2011 10:00pm
If you want a single security group, then create the group in AD, add the BES accounts to the security group, and create the assignment:
New-ManagementRoleAssignment -Name "BES Impersonation" -Role ApplicationImpersonation -SecurityGroup "BES Impersonation Group"
http://technet.microsoft.com/en-us/library/dd335193.aspx
To remove the current role assignment from BES Admin EWS:
http://technet.microsoft.com/en-us/library/dd351205.aspx
Remove-ManagementRoleAssignment
September 18th, 2011 7:41am
Thank you for your answer.
What type of security group should I create, Global or Universal?
I have created Universal.
September 19th, 2011 9:40am
Hi MarioTunes,
You can create a new Role Group.
Create a Role Group
http://technet.microsoft.com/en-us/library/dd638209.aspx
Understanding Management Role Groups
http://technet.microsoft.com/en-us/library/dd638105.aspx
Frank Wang
September 20th, 2011 5:28am
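The group-based approach from the replies above (a single security group, or a role group as Frank Wang suggests), written out as one Exchange Management Shell sequence. This is an added example, not code posted by anyone in the thread; the group name "BES Impersonation" is chosen for the example, and it assumes the accounts' AD names are BESAdmin1 and BESAdmin2. ApplicationImpersonation lets its holder act as any mailbox in scope, so the direct assignment is removed only after the group membership is verified.

```powershell
# Added example: run in the Exchange Management Shell as an account that can
# manage role groups and role assignments.
$groupName = 'BES Impersonation'          # name chosen for this example
$expected  = 'BESAdmin1', 'BESAdmin2'     # assumed to match the accounts' AD names
$oldAssign = 'BES Admin EWS'              # direct assignment created in the question

# 1. Record who holds ApplicationImpersonation before changing anything.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Format-Table Name, RoleAssigneeName, EffectiveUserName, AssignmentMethod -AutoSize

# 2. Create the role group once. New-RoleGroup creates a universal security
#    group and the role assignment to it in a single step.
if (-not (Get-RoleGroup | Where-Object { $_.Name -eq $groupName })) {
    New-RoleGroup -Name $groupName -Roles ApplicationImpersonation -Members $expected
}

# 3. Verify that both service accounts are members before touching the old assignment.
$members = Get-RoleGroupMember -Identity $groupName | Select-Object -ExpandProperty Name
$missing = $expected | Where-Object { $members -notcontains $_ }
if ($missing) {
    throw "Not in '$groupName': $($missing -join ', '). Old assignment left in place."
}

# 4. Remove the direct per-user assignment (prompts for confirmation), so the
#    group is the only path to the role for these accounts.
Remove-ManagementRoleAssignment -Identity $oldAssign

# 5. Re-check: both accounts should now appear only through the role group.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Format-Table Name, RoleAssigneeName, EffectiveUserName, AssignmentMethod -AutoSize
```

Adding a later BES account is then a membership change (`Add-RoleGroupMember`) rather than another uniquely named role assignment.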