So my goal is - to create a custom role, which can only forward mail (and checkbox deliver to both mailboxes) to a specific scope of domain users, and assing this role to a domain user. User manages forward throught EMC. My plan was: 1. Create a new Role based on Mail Recipients role new management-role "Forward Mail" -parent "Mail Recipients" 2. Delete all cmdlets from new role except get-mailbox & set-mailbox with parameters -ForwardingAddress & DelivertoMailboxAndForward 3.Create new management scope New-ManagementScope -Name "operators" -RecipientRestrictionFilter {Description -eq "Operator"} 4.Assign new role to a user New-ManagementRoleAssignment -User fortest -Role "Forward Mail" -CustomRecipientWriteScope operators Launch EMC under user - just have organization configuration node without any access. Any ideas? Maybe there are some cmdlets, which i've deleted from role.

Hi, Try to add the user to the View-only Organization Management group. Leif

Now i see all mailboxes\configuration, but all buttons\parameters are blocked for editing.

hi, I think that because you have no permission to launch EMC/EMS, so all buttons/parameters are blocked. The reason that you can see all mailbox is that you have View-only Organization Management group permisson. I will do a test and then tell you the result. hope can help you thanks,CastinLu TechNet Community Support