Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

To give a user the permissions that are granted by a management role group, you need to add the user, or a universal security group (USG), or another role group that the user is a member of, as a member of the role group. For more information about role groups in Microsoft Exchange Server 2010, see Understanding Management Role Groups.

Looking for other management tasks related to administrators and specialist users? Check out Managing Administrator and Specialist Users.

Use the ECP to add members to a role group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

  1. In the Exchange Management Console (EMC), navigate to Toolbox in the console tree.

  2. In the work pane, double-click Role Based Access Control (RBAC) User Editor to open the user editor in the Exchange Control Panel (ECP).

  3. Provide credentials in the Domain\user name and Password fields for an account that has the permissions needed to open the user editor in the ECP. Click Sign in.

  4. Click the Administrator Roles tab.

  5. Select the role group you want to add members to and, then click Details.

  6. In the Members section, click Add.

  7. Select the users, USGs, or other role groups you want to add to the role group, and then click OK.

  8. Click Save to save the changes to the role group.

Use the Shell to add a mailbox as a member of a role group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

To add a mailbox as a member of a role group, use the following syntax.

Copy Code
Add-RoleGroupMember <role group name> -Member <member>

This example adds the mailbox Robert to the Seattle Administrators role group.

Copy Code
Add-RoleGroupMember "Seattle Administrators" -Member Robert

For detailed syntax and parameter information, see Add-RoleGroupMember.

Use the Shell to use a filter to add a group of similar users as members of a role group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

You can use the Get-User cmdlet to add members to a role group if the mailboxes match the criteria you specify in a filter. The Add-RoleGroupMembers cmdlet doesn't accept the object type provided by the Get-User cmdlet, so you need to pass the data through the ForEach statement first.

This procedure makes use of pipelining, variables, recipient filters, and the ForEach statement. For more information about these concepts, see the following topics:

To add mailboxes that meet the criteria you specify as members of a role group, do the following.

  1. Collect the mailboxes that match the criteria you specify using the Get-User command with the Filter parameter and store the mailboxes in a variable.

    Copy Code
    $Mailboxes = Get-User -Filter { RecipientType -Eq "UserMailbox" -and <filter criteria> }
    
  2. This is an optional step. View the list of mailboxes stored in the $Mailboxes variable.

    Copy Code
    $Mailboxes
    
  3. Pass the mailboxes stored in the $Mailbox variable to the Add-RoleGroupMember cmdlet that's running in a ForEach statement.

    Copy Code
    $Mailboxes | ForEach { Add-RoleGroupMember <role group name> -Member $_.Name }
    

This example adds all the mailboxes that are in the Sales IT Staff department to the Sales Help Desk role group.

Copy Code
$Mailboxes = Get-User -Filter { RecipientType -Eq "UserMailbox" -and Department -Eq "Sales IT Staff" }
$Mailboxes | ForEach { Add-RoleGroupMember "Sales Help Desk" -Member $_.Name }

For detailed syntax and parameter information, see Add-RoleGroupMember.

Other Tasks