Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

To remove the permissions granted by a management role group from a user, you need to remove the user, or the universal security group (USG) the user is a member of, from the role group's membership. For more information about role groups in Microsoft Exchange Server 2010, see Understanding Management Role Groups.

Looking for other management tasks related to administrators and specialist users? Check out Managing Administrator and Specialist Users.

Use the ECP to remove members from a role group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

  1. In the Exchange Managdment Console (EMC), navigate to Toolbox in the console tree.

  2. In the work pane, double-click Role Based Access Control (RBAC) User Editor to open the user editor in the Exchange Control Panel (ECP).

  3. Provide credentials in the Domain\user name and Password fields for an account that has the permissions needed to open the user editor in the ECP. Click Sign in.

  4. Click the Administrator Roles tab.

  5. Select the role group you want to remove members from, and then click Details.

  6. In the Members section, select one or more members to remove, and then click Remove.

  7. Click Save to save the changes to the role group.

Use the Shell to remove a mailbox as a member of a role group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

To remove a mailbox as a member of a role group, use the following syntax.

Copy Code
Remove-RoleGroupMember <role group name> -Member <member>

This example removes the mailbox Robert from the Seattle Administrators role group.

Copy Code
Remove-RoleGroupMember "Seattle Administrators" -Member Robert

For detailed syntax and parameter information, see Remove-RoleGroupMember.

Other Tasks