New-Managementrole


I need to create a service account and grant only the Get-MessageTrace cmdlet to that account. I created a custom role from Compliance admin with the command below:

New-ManagementRole -name 'customrole' -Parent 'compliance admin' -EnabledCmdlets 'Get-MessageTrace'

I have verified this with the command below:

Get-ManagementRoleEntry "customrole\*" | ft -AutoSize

I get the output below:

Get-MessageTrace Customrole {EndDate, ErrorAction, ErrorVariable, Expression...}

I added the respective service account to this role.

When I connect to Exchange PowerShell using the service admin account and password and the PowerShell connection is established, I see that several commands have been imported.

Can someone tell me how I can make sure the service account can see only one command, which is the Get-MessageTrace command?

There are many cmdlets that are available for all users, even those without any admin permissions. Those include mostly things you can do with your own mailbox or groups you manage, so nothing to worry about.

@Vasil Michev thanks for the clarification.
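
The accepted answer can be checked from an administrator's Exchange Online PowerShell session. This is an added example, not code from the thread: it lists every cmdlet the service account receives through its role assignments and separates the self-service (end-user role) cmdlets from administrative ones. The account name is a placeholder; 'customrole' and Get-MessageTrace are taken from the question.

```powershell
# Added example. Run as an administrator in an existing Exchange Online
# PowerShell session, not as the service account itself.
$ServiceAccount = 'svc-messagetrace@contoso.example'  # placeholder, not from the thread
$ExpectedRole   = 'customrole'                        # role name from the question
$ExpectedCmdlet = 'Get-MessageTrace'                  # the only cmdlet meant to be granted

# -RoleAssignee returns direct assignments and indirect ones (role groups,
# role assignment policy). Delegating assignments only allow assigning the
# role to others, so they are excluded.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $ServiceAccount -Delegating $false

$report = foreach ($a in $assignments) {
    $role = Get-ManagementRole -Identity $a.Role
    foreach ($entry in Get-ManagementRoleEntry -Identity "$($a.Role)\*") {
        [pscustomobject]@{
            Cmdlet      = $entry.Name
            Role        = "$($a.Role)"
            AssignedVia = $a.RoleAssigneeName
            EndUserRole = $role.IsEndUserRole   # true for self-service roles
            Expected    = ("$($a.Role)" -eq $ExpectedRole -and
                           $entry.Name -eq $ExpectedCmdlet)
        }
    }
}

# Self-service cmdlets: these explain the extra commands imported at connect time.
$report | Where-Object { $_.EndUserRole } |
    Group-Object Role | Select-Object Name, Count | Format-Table -AutoSize

# Administrative cmdlets other than the intended one. This list should be empty.
$unexpected = $report | Where-Object { -not $_.EndUserRole -and -not $_.Expected }
if ($unexpected) {
    $unexpected | Sort-Object Role, Cmdlet | Format-Table Cmdlet, Role, AssignedVia -AutoSize
} else {
    Write-Output "No administrative cmdlets beyond $ExpectedCmdlet are assigned to $ServiceAccount."
}
```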