Restricting the use of Remove-Mailbox
Is there some way to restrict the use of the "Remove-Mailbox" command? Although there is much separation between Exchange 2010 and Active Directory, I accidentally deleted a user's Active Directory account by selecting "Remove" instead of "Disable".
I want to disable this functionality to help prevent other network administrators from "accidentally" deleting users' AD accounts.
August 18th, 2011 9:27am
Well, it does tell you it will do that when you use it :)
If you want to do this (and I assume this is Exchange 2010 here), I would go the RBAC route and find all the roles that have the Remove-Mailbox role entry in them:
Get-ManagementRoleEntry *\Remove-Mailbox
Then either remove that role entry from those roles or, better yet, create new management roles and assignments, remove the default ones, and assign those roles (minus the Remove-Mailbox command) to the appropriate groups that need to do the other functions as part of their jobs.
More on RBAC:
http://technet.microsoft.com/en-us/library/dd298183.aspx
If this is Exchange 2007, I might just remove everyone from the Account Operators role except those that need it :)
August 18th, 2011 9:41am
Yes - this is for Exchange 2010 and yes it does put a prompted dialog box on the screen, but some of the other network admins do not work with Exchange 2010 as much.
The results of running "Get-ManagementRoleEntry *\Remove-Mailbox" are:
[PS] C:\>Get-ManagementRoleEntry *\Remove-Mailbox

Name             Role                     Parameters
----             ----                     ----------
Remove-Mailbox   Mail Recipient Creation  {Arbitration, Confirm, Database, Debug, DomainController,
Tony Redmond, in Microsoft Exchange 2010 Inside Out, has a box on pages 153-154 that provides the following PowerShell command:
Get-ManagementRoleAssignment -Role "Mail Recipient Creation" -Delegating $False | Remove-ManagementRoleAssignment
The following are the results. I responded no to all prompts until I can better understand what could happen.
Confirm
Are you sure you want to perform this action?
Removing the "Mail Recipient Creation-Organization Management" management role assignment object. The following
properties were configured: management role "Mail Recipient Creation", role assignee "mh.local/Microsoft Exchange
Security Groups/Organization Management", delegation type "Regular", recipient write scope "Organization", and
configure write scope "OrganizationConfig".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): n
Confirm
Are you sure you want to perform this action?
Removing the "Mail Recipient Creation-Recipient Management" management role assignment object. The following properties
were configured: management role "Mail Recipient Creation", role assignee "mh.local/Microsoft Exchange Security
Groups/Recipient Management", delegation type "Regular", recipient write scope "Organization", and configure write
scope "OrganizationConfig".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): n
Confirm
Are you sure you want to perform this action?
Removing the "Mail Recipient Creation-Test" management role assignment object. The following properties were
configured: management role "Mail Recipient Creation", role assignee "mh.local/Microsoft Exchange Security
Groups/Test", delegation type "Regular", recipient write scope "Organization", and configure write scope
"OrganizationConfig".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): n
August 18th, 2011 9:57am
You want to remove that command from the role. See:
http://sysadmin-talk.org/2010/04/5-steps-to-heaven-creating-a-custom-rbac-role-in-exchange-2010/
August 18th, 2011 11:41am
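Added worked example (not part of any post in this thread): the custom-role procedure the first and last answers describe, typed into the Exchange 2010 Management Shell. It follows the safer order, creating a trimmed child role and assigning it before touching the default assignments, and it uses the "Recipient Management" role group that appears in the poster's own output. The role name "Mail Recipient Creation - No Remove" and the assignment name are made up for illustration; the account running this needs the Role Management role (members of Organization Management have it). Run the -WhatIf line as shown before removing anything.

```powershell
# Added example, not from the original thread. Assumes Exchange 2010 Management Shell
# and an account holding the Role Management role. The custom role and assignment
# names below are hypothetical.

# 1. Which roles currently expose Remove-Mailbox? In the poster's output, only
#    "Mail Recipient Creation" does.
Get-ManagementRoleEntry '*\Remove-Mailbox' | Format-Table Role, Name -AutoSize

# 2. Derive a child role from the built-in one. A child role can only hold a
#    subset of its parent's entries, so it can never gain cmdlets the parent lacks.
New-ManagementRole -Name 'Mail Recipient Creation - No Remove' `
                   -Parent 'Mail Recipient Creation'

# 3. Strip the dangerous cmdlet from the child role. Every other entry
#    (New-Mailbox, Enable-Mailbox, etc.) stays intact.
Remove-ManagementRoleEntry 'Mail Recipient Creation - No Remove\Remove-Mailbox' -Confirm:$false

# 4. Check: the child role no longer lists Remove-Mailbox, the parent still does.
$gone  = Get-ManagementRoleEntry 'Mail Recipient Creation - No Remove\Remove-Mailbox' -ErrorAction SilentlyContinue
$still = Get-ManagementRoleEntry 'Mail Recipient Creation\Remove-Mailbox'
if ($gone -or -not $still) { throw 'Role entries are not in the expected state; stop here.' }

# 5. Give the trimmed role to the group that needs the remaining recipient-creation
#    cmdlets, BEFORE removing its default assignment, so nobody loses access in between.
New-ManagementRoleAssignment -Name 'Mail Recipient Creation - No Remove-Recipient Management' `
                             -Role 'Mail Recipient Creation - No Remove' `
                             -SecurityGroup 'Recipient Management'

# 6. Preview removal of the default assignment for that one group only. Leave the
#    Organization Management assignment alone so full admins can still remove mailboxes.
Get-ManagementRoleAssignment -Role 'Mail Recipient Creation' -Delegating $false |
    Where-Object { $_.RoleAssignee -like '*Recipient Management*' } |
    Remove-ManagementRoleAssignment -WhatIf
# Re-run step 6 without -WhatIf once the preview lists exactly the assignment you expect.

# 7. Verify what the group now holds. Remove-Mailbox should not come from any listed role.
Get-ManagementRoleAssignment -RoleAssignee 'Recipient Management' |
    Format-Table Role, RoleAssigneeType, RecipientWriteScope -AutoSize
```

The result is that members of Recipient Management can still create and enable mailboxes but the Remove-Mailbox cmdlet is simply absent from their shell and from the EMC context menu, so the "Remove" versus "Disable" mistake cannot happen for them. Admins who genuinely need to delete users keep the cmdlet through Organization Management. Do not run Remove-ManagementRoleAssignment against every assignment of "Mail Recipient Creation" as in the poster's attempt, or nobody, including Organization Management, will be able to create mailboxes until an assignment is restored.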