本文共 4789 字,大约阅读时间需要 15 分钟。
以一例说明:
创建一个管理员角色,使其只有创建邮箱没有删除邮箱的权限
创建管理员角色
C:\Windows\system32> New-ManagementRole -Name "IT Operator" -Parent "Mail Recipient Creation"
创建"IT Operator"角色继承"Mail Recipient Creation"的所有权限
2. 删除角色中的权限项
C:\Windows\system32>Remove-ManagementRoleEntry "IT Operator\Remove-Mailbox"
删除角色"IT Operator"删除邮箱的权限
如何查看一个角色拥有哪些权限项呢?
C:\Windows\system32>Get-ManagementRoleEntry -Identity "IT Operator\*"
如下所示:
[PS] C:\Windows\system32>Get-ManagementRoleEntry -Identity "IT Operator\*"Name Role Parameters---- ---- ----------Disable-PushNotificationProxy IT Operator {Confirm, Debug, ErrorAction, ErrorVariable, OutBuffer, Out...Enable-PushNotificationProxy IT Operator {Debug, ErrorAction, ErrorVariable, Organization, OutBuffer...Get-ADServerSettings IT Operator {Debug, ErrorAction, ErrorVariable, OutBuffer, OutVariable,...Get-ActiveSyncMailboxPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-AddressBookPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-DomainController IT Operator {Credential, Debug, DomainName, ErrorAction, ErrorVariable,...Get-MailContact IT Operator {Anr, Credential, Debug, DomainController, ErrorAction, Err...Get-MailUser IT Operator {Anr, Credential, Debug, DomainController, ErrorAction, Err...Get-Mailbox IT Operator {Anr, Arbitration, Archive, Credential, Database, Debug, Do...Get-MailboxDatabase IT Operator {Debug, DomainController, DumpsterStatistics, ErrorAction, ...Get-ManagedFolderMailboxPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-ManagementRoleAssignment IT Operator {AssignmentMethod, ConfigWriteScope, CustomConfigWriteScope...Get-MobileDeviceMailboxPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-OrganizationalUnit IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-Recipient IT Operator {Anr, BookmarkDisplayName, Database, ErrorAction, ErrorVari...Get-RemoteMailbox IT Operator {Anr, Credential, Debug, DomainController, ErrorAction, Err...Get-ResourceConfig IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-RoleAssignmentPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-SharingPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Ident...Get-ThrottlingPolicy IT Operator {Debug, DomainController, ErrorAction, ErrorVariable, Expli...Get-ThrottlingPolicyAssocia... IT Operator {Anr, Debug, DomainController, ErrorAction, ErrorVariable, ...Get-Trust IT Operator {Debug, DomainName, ErrorAction, ErrorVariable, OutBuffer, ...Get-User IT Operator {Anr, Arbitration, Credential, Debug, DomainController, Err...Get-UserPrincipalNamesSuffix IT Operator {Debug, ErrorAction, ErrorVariable, OrganizationalUnit, Out...New-MailContact IT Operator {Alias, ArbitrationMailbox, Confirm, Debug, DisplayName, Do...New-MailUser IT Operator {Alias, ArbitrationMailbox, Confirm, Debug, DisplayName, Do...New-Mailbox IT Operator {AccountDisabled, ActiveSyncMailboxPolicy, AddressBookPolic...New-RemoteMailbox IT Operator {AccountDisabled, Alias, Archive, Confirm, Debug, DisplayNa...Remove-MailContact IT Operator {Confirm, Debug, DomainController, ErrorAction, ErrorVariab...Remove-MailUser IT Operator {Confirm, Debug, DomainController, ErrorAction, ErrorVariab...Remove-PushNotificationSubs... IT Operator {Confirm, Debug, ErrorAction, ErrorVariable, Force, Mailbox...Remove-RemoteMailbox IT Operator {Confirm, Debug, DomainController, ErrorAction, ErrorVariab...Set-ADServerSettings IT Operator {ConfigurationDomainController, Confirm, Debug, ErrorAction...Set-MailboxFolderPermission IT Operator {Acce***ights, Confirm, Debug, DomainController, ErrorActio...Write-AdminAuditLog IT Operator {Comment, Confirm, Debug, DomainController, ErrorAction, Er... 这样就可以灵活创建管理员角色了.
转载地址:http://bqida.baihongyu.com/