Hello. I have set up a Role Assignment that limits the Admins at a particular location to only being able to administer the accounts in their own OU. That is working. However, they when they open 'Recipient Configuration' they can see the objects in the entire organization. I think I need to change the read scope but I can't seem to work out how. Any ideas would be welcome. Thanks, Des

Hello, What roles did you assign to the role group? You can use the following command to check: Get-RoleGroup id xxx |FL Thanks, Simon Wu Exchange Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

The only role assigned was the "Mail Recipients". Commands used were: new-managementscope "New Haven" -recipientRoot "OU=New Haven,DC=na,DC=domain,DC=com" -recipientrestrictionfilter {RecipientType -eq "UserMailBox"} New-ManagementRoleAssignment -name "New Haven Admins" -role "Mail Recipients" -SecurityGroup "NA-NH-IT-Admins" -RecipientOrganizationalUnitScope "New Haven" Des