none
Which permissions do I need to run these Exchange cmdlets? RRS feed

  • Question

  • Hi

    Now, I'm using a domain account to run a process, this process will execute these Exchange cmdlets below.

    Get-MailboxDatabase,

    Get-PublicFolderDatabase,

    Get-MailboxDatabaseCopyStatus,

    Get-Mailbox,

    Get-MailboxPermission,

    Get-User

    So I want to know which permission do I need to run these cmdlets.  From Microsoft's doc, https://technet.microsoft.com/en-us/library/dd638132(v=exchg.160).aspx, it tell me I can assign "Organization Management" to this user, but this permission contains so many roles inside it, its permission is too high.

    After I tested, I found if I assign "Public Folder Management" permission to this user, it can work.  But I'm wondering why this public folder management can allow me to get mailbox like these cmdlets.  Is it correct?

    Thanks very much.


    Tuesday, December 8, 2015 7:34 AM

All replies

  • In general, you can check which roles have a given cmdlet assigned by running:

    Get-ManagementRoleEntry "*\Get-MailboxDatabase"

    In your case, I'd say use the "View-Only Organization Management" role group, or create a custom one.

    Tuesday, December 8, 2015 8:03 AM