Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
If you want to customize the permissions that you can assign to a group of users, create a new custom management role group. For more information about role groups in Microsoft Exchange Server 2010, see Understanding Management Role Groups.
Looking for other management tasks related to administrators and specialist users? Check out Managing Administrator and Specialist Users.
Prerequisites
To create a new role group, you need to know the management roles you want to assign to it.
If you're using the Exchange Management Shell to create a new role group, all other properties on a role group are optional and can be added after the role group is created. For a role group to be functional, you must add at least one management role and at least one member.
For a list of built-in roles, see Built-in Management Roles.
Use the ECP to create a role group
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.
- In the Exchange Management Console (EMC), navigate to Toolbox in the console tree.
- In the work pane, double-click Role Based Access Control (RBAC) User Editor to open the user editor in the Exchange Control Panel (ECP).
- Provide credentials in the Domain\user name and Password fields for an account that has the permissions needed to open the user editor in the ECP. Click Sign in.
- Click the Administrator Roles tab.
- Click New under Role Groups.
- In the Name field, enter the name of the new role group.
- In the Description field, provide a short description of the purpose for the role group.
- Select one of the two following Write scope options:
  - A write scope from the drop-down box. In this box, you can select either the default write scope or a custom write scope.
  - Organizational unit: Select this option and provide an organizational unit (OU) if you want to scope this role group to an OU.
- In the Roles section, do the following:
  - To add one or more management roles to the role group, click Add and select the roles you want to add. You can select multiple roles at one time. Then click OK.
  - To remove one or more roles from the role group, select the roles you want to remove, and click Remove.
- In the Members section, do the following:
  - To add one or more members to the role group, click Add and select the mailboxes, role groups or universal security groups (USGs) you want to add. You can select multiple items at one time. Then click OK.
  - To remove one or more members, select the members you want to remove, and click Remove.
- When you're done, click Save to create the new role group.
Use the Shell to create a role group with no scope
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.
To create a role group, add members to it, and specify the users who can delegate the role group to other users, use the following syntax.

```powershell
New-RoleGroup -Name <role group name> -Roles <roles to assign> -Members <member1, member2, member3, ...> -ManagedBy <user1, user2, user3...>
```
This example creates a role group that's assigned the Transport Rules and Journaling management roles, has Joe, John, and David as members, and can be delegated by David and Chris.

```powershell
New-RoleGroup -Name "Compliance Role Group" -Roles "Transport Rules", "Journaling" -Members Joe, John, David -ManagedBy David, Chris
```
For detailed syntax and parameter information, see New-RoleGroup.
Use the Shell to create a role group with a custom recipient scope
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.
You can create role groups with custom recipient management scopes, custom configuration management scopes, or both. To create a new role group that uses a custom management scope that you created, use the following syntax.
```powershell
New-RoleGroup -Name <role group name> -Roles <roles to assign> -CustomRecipientWriteScope <recipient scope name> -CustomConfigWriteScope <configuration scope name>
```
This example creates a new role group that's assigned the Transport Rules and Journaling management roles and uses the Seattle Recipients recipient scope.
```powershell
New-RoleGroup -Name "Seattle Compliance Group" -Roles "Transport Rules", "Journaling" -CustomRecipientWriteScope "Seattle Recipients"
```
You can also add members to the role group when you create it by using the Members parameter as shown in "Use the Shell to create a role group with no scope" earlier in this topic. For more information about management scopes, see Understanding Management Role Scopes.
For detailed syntax and parameter information, see New-RoleGroup.
Use the Shell to create a role group with an OU scope
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.
To create a role group that's scoped to a specific OU, use the following syntax.
```powershell
New-RoleGroup -Name <role group name> -Roles <roles to assign> -RecipientOrganizationalUnitScope <OU name>
```
This example creates a role group that allows management only of recipients in the Vancouver Office OU.
```powershell
New-RoleGroup -Name "Vancouver Office Recipients Group" -Roles "Mail Recipients" -RecipientOrganizationalUnitScope "Vancouver Office"
```
You can also add members to the role group when you create it by using the Members parameter as shown in "Use the Shell to create a role group with no scope" earlier in this topic. For more information about management scopes, see Understanding Management Role Scopes.
For detailed syntax and parameter information, see New-RoleGroup.
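The following is an added example, not part of the original topic: a read-only check to run in the Exchange Management Shell after any of the Shell procedures above. It confirms that a role group has at least one role and one member, and shows who can delegate it and which write scope each role assignment received. `Test-RoleGroupSetup` is a hypothetical helper name; the role group names are the ones used in this topic's examples.

```powershell
# Added example; uses only Get-* cmdlets, so it changes nothing.
# Test-RoleGroupSetup is a hypothetical helper name, not an Exchange cmdlet.
function Test-RoleGroupSetup {
    param([Parameter(Mandatory = $true)][string]$Name)

    $group   = Get-RoleGroup -Identity $Name -ErrorAction Stop
    $members = @(Get-RoleGroupMember -Identity $Name)
    # Regular (non-delegating) assignments are the ones that grant permissions.
    $assignments = @(Get-ManagementRoleAssignment -RoleAssignee $Name -Delegating $false)

    # One line per role assignment, so the scope behind each role is visible.
    $scopes = $assignments | ForEach-Object {
        '{0}: recipientWrite={1}; ou={2}; customRecipient={3}; customConfig={4}' -f `
            $_.Role, $_.RecipientWriteScope, $_.RecipientOrganizationalUnitScope,
            $_.CustomRecipientWriteScope, $_.CustomConfigWriteScope
    }

    New-Object PSObject -Property @{
        RoleGroup   = $group.Name
        # A role group is functional only with at least one role and one member.
        Functional  = ($members.Count -gt 0) -and ($assignments.Count -gt 0)
        Members     = ($members | ForEach-Object { $_.Name }) -join ', '
        # ManagedBy lists the users who can delegate the role group.
        ManagedBy   = ($group.ManagedBy | ForEach-Object { "$_" }) -join ', '
        Assignments = $scopes
    }
}

# Check the three role groups created by the examples in this topic.
'Compliance Role Group',
'Seattle Compliance Group',
'Vancouver Office Recipients Group' |
    ForEach-Object { Test-RoleGroupSetup -Name $_ } |
    Format-List RoleGroup, Functional, Members, ManagedBy, Assignments
```

A role group that was created without the Members parameter, such as the Seattle and Vancouver examples as written, reports `Functional : False` until members are added.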
Other Tasks
After you create a new role group, you may also want to:
- View a List of Role Groups
- Add Members to a Role Group
- Remove Members from a Role Group
- Add a Role to a Role Group
- Remove a Role from a Role Group
- Change the Scope of Role Assignments to a Role Group
- Add or Remove a Role Group Delegate
- View the Members of a Role Group
- Change a Linked Foreign USG on a Linked Role Group