设为首页 收藏本站
查看: 930|回复: 0

[经验分享] EXCHANGE RBAC(基于角色的访问控制)管理工具



发表于 2018-7-8 09:26:49 | 显示全部楼层 |阅读模式
  server 2012 r2 (需安装.net framework 3.5)
  exchange 2013 sp1 cu15
  Customizing RBAC roles is in most cases not something that is a frequent task, so it can take a while to familiarize and re-familiarize with the concept and all cmdlets. But if your organization does not fit in the default roles, you will have to dig into it.
  However, I came across a tool that would make customizing a lot easier. It’s the RBAC Manager R2 for Exchange. It’s currently posted on Codeplex, including the source code (it’s in C#). It states that it works with Exchange 2010, Exchange 2013 preview and Office 365. The last update was from September 2011, however I’ve found no issues working with Exchange 2013 CU5. Install it on a domain joined computer with .Net 3.5 and just enter a server FQDN and credentials and it works (in my case).
  In the overview all Management Roles are presented, including any custom Role groups. Those with a parent are shown in an hierarchy. Selecting a Role Group, shows every Role Assignment, including scopes. Selecting a Management Role shows all inlcuded cmdlet. Tip: Under View>Show Parameter you can enable all parameters that are included in the Management Role. A lot easier than the PowerShell route I’ve previously blogged about here.

  Overview of RBAC Manager R2, showing Management Roles, Role Assignments, included cmdlets and their paramters.
  Another helpful feature is the ability to search for specific cmdlets, the tool then shows every Role Group with Management Roles that include that specific cmdlet. Very handy if you need to know which Role Groups provides a certain permission. This makes the tool valuable even if you do not require RBAC customization.
  You can remove Management Roles from Role Groups, cmdlets from Management Roles but you can also remove specific parameters (after enabling the view of parameters). Create new Management Roles from a parent Role. I could do everything I needed to do without using the Exchange Management Shell. And the best part? It logs the actual Exchange PowerShell commands in a text log file for reference and documentation. Nice!
  It’s not a quick tool but this is just a minor irritation. It helps to provide an overview of the RBAC implementation and allows for quick editing and management of Exchange RBAC. For those that do not frequently work with RBAC and know all cmdlets and procedures by heart, this is a great addition in your tool set. I would love to see this kind of functionality added in EAC BTW.

运维网声明 1、欢迎大家加入本站运维交流群:群②:261659950 群⑤:202807635 群⑦870801961 群⑧679858003
8、联系人Email:admin@iyunv.com 网址:www.yunweiku.com

所有资源均系网友上传或者通过网络收集,我们仅提供一个展示、介绍、观摩学习的平台,我们不对其承担任何法律责任,如涉及侵犯版权等问题,请您及时通知我们,我们将立即处理,联系人Email:kefu@iyunv.com,QQ:1061981298 本贴地址:https://www.yunweiku.com/thread-535108-1-1.html 上篇帖子: Microsoft Exchange Server 2010与Office 365混合部署——Office365用户修改密码 下篇帖子: Microsoft Exchange Server 2010与Office 365混合部署——本地Exchange 2010运行混合配置向导
您需要登录后才可以回帖 登录 | 立即注册






客服E-mail:kefu@iyunv.com 客服QQ:1061981298

QQ群⑦:运维网交流群⑦ QQ群⑧:运维网交流群⑧ k8s群:运维网kubernetes交流群



合作伙伴: 青云cloud

快速回复 返回顶部 返回列表