

Exchange 2010 EMC–not able to view all objects

In a recent installation of Exchange 2010, when we logged in using the Exchange Admin account for the FIRST time, we were not able to view all objects. It was similar to the issue reported in this post: https://qa.social.technet.microsoft.com/Forums/en-US/exchange2010/thread/fc568cc6-8691-4127-b70b-bcc82f9b1f7f

"The user "domain\administrator" isn't assigned to any management roles."

To resolve this, I followed the steps -

1. First, please check whether "Allow inheritable permission..." is checked for the Microsoft Exchange container and for the Org container in ADSI Edit.

Note: You can follow the steps below to find the settings.

1. Start ADSI Edit.

2. Navigate to "Configuration->Services->Microsoft Exchange"/"Configuration->Services->Microsoft Exchange->First Organization".

3. Right-click it and select "Properties".

4. Select the "Security" tab.

5. Click "Advanced". There, please check whether the "Allow inheritable permission" option is ticked.

2. Then please verify the msExchRoleLink and msExchUserLink attributes on CN=Role Management-Organization Management-Delegating,CN=Role Assignments,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=…

The value should be "CN=Role Management,CN=Roles,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=…"

3. Please check whether "Role Management" exists under CN=Roles,CN=RBAC,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=…

4. Also check whether "Allow inheritable permission" is ticked for "Role Management".

After that, please test the issue again.
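
The ADSI Edit checks in steps 1 to 4 can also be read from Windows PowerShell. The script below is an added example, not part of the original post and not Microsoft's code. It is read-only, assumes the organization is named "First Organization" as in the DNs above, and assumes an account that can read the Configuration partition. It compares msExchRoleLink against the expected value given in step 2 and prints msExchUserLink for manual review.

```powershell
# Added example: read-only checks; nothing in the directory is modified.
# Assumption: the organization is "First Organization", as in the DNs on this page.
$OrgName  = 'First Organization'
$ConfigNC = ([ADSI]'LDAP://RootDSE').psbase.Properties['configurationNamingContext'].Value
$ExchDN   = "CN=Microsoft Exchange,CN=Services,$ConfigNC"
$OrgDN    = "CN=$OrgName,$ExchDN"
$RoleDN   = "CN=Role Management,CN=Roles,CN=RBAC,$OrgDN"
$AssignDN = "CN=Role Management-Organization Management-Delegating,CN=Role Assignments,CN=RBAC,$OrgDN"

function Get-InheritanceState {
    param([string]$DistinguishedName)
    $path     = "LDAP://$DistinguishedName"
    $exists   = [System.DirectoryServices.DirectoryEntry]::Exists($path)
    $inherits = $null
    if ($exists) {
        # AreAccessRulesProtected is $true when inheritance is blocked on the object,
        # i.e. when the "Allow inheritable permission" box is NOT ticked.
        $inherits = -not ([ADSI]$path).psbase.ObjectSecurity.AreAccessRulesProtected
    }
    New-Object psobject -Property @{
        DN = $DistinguishedName; Exists = $exists; InheritanceEnabled = $inherits
    }
}

# Steps 1, 3 and 4: object presence and the inheritance checkbox.
$ExchDN, $OrgDN, $RoleDN | ForEach-Object { Get-InheritanceState $_ } |
    Format-List DN, Exists, InheritanceEnabled

# Step 2: links on the delegating role assignment.
if ([System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$AssignDN")) {
    $assign   = [ADSI]"LDAP://$AssignDN"
    $roleLink = [string]$assign.psbase.Properties['msExchRoleLink'].Value
    $userLink = [string]$assign.psbase.Properties['msExchUserLink'].Value
    New-Object psobject -Property @{
        msExchRoleLink  = $roleLink
        RoleLinkMatches = ($roleLink -eq $RoleDN)   # -eq on strings is case-insensitive
        msExchUserLink  = $userLink                 # printed for manual review
    } | Format-List msExchRoleLink, RoleLinkMatches, msExchUserLink
} else {
    Write-Warning "Role assignment not found: $AssignDN"
}
```

An object reported with Exists = False or InheritanceEnabled = False corresponds to a failed check in the list above.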

If the issue still persists, then please follow the steps below to try to solve the problem:

1) Open Windows PowerShell (not the Exchange Management Shell)
   a. If you have UAC enabled, right-click Windows PowerShell and click Run as administrator.
2) Run Start-Transcript c:\RBAC.txt and press enter
   a. This will start logging all commands you type and their output to a text file.
3) Run Add-PSSnapin *setup and press enter
   a. This adds the setup snap-in which contains the setup cmdlets used by Exchange during install. You may see errors about loading a format data file. You can ignore those errors.
   DO NOT run any other cmdlets in this snap-in without direction from Microsoft. Doing so could irreparably damage your Exchange installation.
4) Run Install-CannedRbacRoleAssignments -InvocationMode Install -Verbose and press enter.
   a. This cmdlet should create the required role assignments between the role groups and roles that should have been created during setup.
   b. Be sure you run with the Verbose switch so we can capture what the cmdlet does.
5) Run Remove-PSSnapin *setup and press enter
6) Run $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<FQDN of Exchange 2010 server>/PowerShell/ -Authentication Kerberos and press enter
   a. Be sure to replace <FQDN of Exchange 2010 server> with the FQDN of your server.
7) Run Import-PSSession $Session and press enter
8) Run Get-ManagementRoleAssignment and press enter
9) Run Stop-Transcript and press enter