My client has a weird requirement.
We have installed (greenfield) the first Exchange server using an account that is a member of Organization Management. For the rest of the Exchange server installations, the client wants us to use an account with which we can only install and configure Exchange servers, without creating or deleting users/DLs/contacts.
We created the below 3 new custom roles:
New-ManagementRole -Name "Custom Mail Recipient Creation" -Parent "Mail Recipient Creation"
New-ManagementRole -Name "Custom Mail Recipients Management" -Parent "Mail Recipients"
New-ManagementRole -Name "Custom DL Management" -Parent "Distribution Groups"
removed the new/remove verbs
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\New-MailContact"
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\New-MailUser"
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\New-Mailbox"
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\Remove-Mailbox"
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\Remove-MailUser"
Remove-ManagementRoleEntry "Custom Mail Recipient Creation\Remove-MailContact"
Remove-ManagementRoleEntry "Custom Mail Recipients Management\Disable-Mailbox"
Remove-ManagementRoleEntry "Custom Mail Recipients Management\Disable-MailUser"
Remove-ManagementRoleEntry "Custom Mail Recipients Management\Disable-MailContact"
Remove-ManagementRoleEntry "Custom DL Management\New-DistributionGroup"
Remove-ManagementRoleEntry "Custom DL Management\Remove-DistributionGroup"
Remove-ManagementRoleEntry "Custom DL Management\Enable-DistributionGroup"
Remove-ManagementRoleEntry "Custom DL Management\Disable-DistributionGroup"
Remove-ManagementRoleEntry "Custom DL Management\Set-DynamicDistributionGroup"
Then we created the custom role group by removing the default roles Mail Recipient Creation, Mail Recipients and Distribution Groups, and adding the custom roles we created earlier: Custom Mail Recipient Creation, Custom Mail Recipients Management and Custom DL Management.
New-RoleGroup "Custom Organization Management" -Roles "Recipient Policies", "Active Directory Permissions", "Address Lists", "Audit Logs", "Cmdlet Extension Agents", "Database Availability Groups", "Database Copies", "Databases", "Disaster Recovery", "E-Mail Address Policies", "Edge Subscriptions", "Exchange Connectors", "Exchange Server Certificates", "Exchange Servers", "Exchange Virtual Directories", "Federated Sharing", "Information Rights Management", "Journaling", "Legal Hold", "Mail Enabled Public Folders", "Custom Mail Recipient Creation", "Custom Mail Recipients Management", "Custom DL Management", "Mail Tips", "Mailbox Search", "Message Tracking", "Migration", "Monitoring", "Move Mailboxes", "Organization Client Access", "Organization Configuration", "Organization Transport Settings", "POP3 And IMAP4 Protocols", "Public Folder Replication", "Public Folders", "Receive Connectors", "Remote and Accepted Domains", "Retention Management", "Role Management", "Security Group Creation and Membership", "Send Connectors", "Support Diagnostics", "Transport Agents", "Transport Hygiene", "Transport Queues", "Transport Rules", "UM Mailboxes", "UM Prompts", "Unified Messaging", "User Options", "View-Only Configuration", "View-Only Recipients", "ApplicationImpersonation", "Mailbox Import Export", "MyBaseOptions", "MyContactInformation", "MyProfileInformation", "MyRetentionPolicies", "MyTextMessaging", "MyVoiceMail", "MyDiagnostics", "MyDistributionGroupMembership", "MyDistributionGroups", "MyMailboxDelegation", "UnScoped Role Management", "View-Only Audit Logs", "MyAddressInformation", "MyDisplayName", "MyMobileInformation", "MyName", "MyPersonalInformation"
When we try to install the Exchange server using an account that is a member of the custom role group "Custom Organization Management" created using the above cmdlets, the installation fails with the error:
You must be logged on as an exchange organization administrator to install or upgrade the hub transport server role in the topology.
I wonder where we went wrong, or whether there is a simpler solution to my client's request.
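
One way to check the resulting role group against the client's requirement, as an added example that is not part of the original post: it walks every role assigned to the group and reports any of the blocked cmdlets that is still reachable. The cmdlet list and the group name are copied from the post; the script assumes it is run in the Exchange Management Shell by an account allowed to read role assignments.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
$roleGroup = 'Custom Organization Management'   # role group name used in the post

# Cmdlets the delegated installer account must not be able to run
# (taken from the Remove-ManagementRoleEntry lines in the post).
$blocked = @(
    'New-MailContact', 'New-MailUser', 'New-Mailbox',
    'Remove-Mailbox', 'Remove-MailUser', 'Remove-MailContact',
    'Disable-Mailbox', 'Disable-MailUser', 'Disable-MailContact',
    'New-DistributionGroup', 'Remove-DistributionGroup',
    'Enable-DistributionGroup', 'Disable-DistributionGroup',
    'Set-DynamicDistributionGroup'
)

# All roles assigned to the role group (each role listed once).
$roles = Get-ManagementRoleAssignment -RoleAssignee $roleGroup |
    Select-Object -ExpandProperty Role -Unique

# For each role, list its entries and keep only the blocked cmdlets.
# A cmdlet removed from one custom role can still be granted by another role
# in the group, which is why every assigned role is checked, not only the
# three custom ones.
$findings = foreach ($role in $roles) {
    Get-ManagementRoleEntry "$role\*" |
        Where-Object { $blocked -contains $_.Name } |
        Select-Object @{ Name = 'Role'; Expression = { "$role" } },
                      @{ Name = 'Cmdlet'; Expression = { $_.Name } }
}

if ($findings) {
    # Each row is a role that still grants a cmdlet the client wants withheld.
    $findings | Sort-Object Cmdlet, Role | Format-Table -AutoSize
} else {
    "No blocked cmdlets are reachable through '$roleGroup'."
}
```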