Custom config writescope

Predefined relative scopes Exchange provides several predefined relative write scopes that you can use to modify scope of a management role. Predefined relative scopes provide an easy way for you to more closely match the needs of your business without having to create custom scopes manually. For example, the Self predefined relative scope restricts that write scope to the current user only. The MyDistributionGroups predefined relative scope restricts the write scope to the distribution group the current user owns only.

Custom config writescope

Recipient filter scope Recipient filter-based scopes are created by using the RecipientRestrictionFilter parameter on the New-ManagementScope cmdlet.

How do you do this?

When you create a recipient filter, in addition to the recipient properties to filter, you can specify the OU in which the filter query runs. When you specify a base OU, you further restrict the write scope of the role.

For more information about management scope filters, see Understanding management role scope filters. Use the following syntax to create a domain restriction filter scope with a base OU.

You can omit the RecipientRoot parameter if you want the filter to apply to the entire implicit read scope of the management role and not just within a specific OU. For detailed syntax and parameter information, see New-ManagementScope.

Server filter configuration scope Server filter-based configuration Custom config writescope are created by using the ServerRestrictionFilter parameter on the New-ManagementScope cmdlet.

A server filter enables you to create a scope that applies only to the servers that match the filter you specify. For more information about management scope filters and for a list of filterable server properties, see Understanding management role scope filters.

Custom config writescope

Use the following syntax to create a server filter scope. Server list-based configuration scopes are created by using the ServerList parameter on the New-ManagementScope cmdlet.

A server list scope enables you to create a scope that applies only to the servers you specify in a list. Use the following syntax to create a server list scope. Database filter-based configuration scopes are created by using the DatabaseRestrictionFilter parameter on the New-ManagementScope cmdlet.

A database filter enables you to create a scope that applies only to the databases that match the filter you specify. For more information about management scope filters and for a list of filterable database properties, see Understanding management role scope filters.

Use the following syntax to create a database restriction filter. Database list-based configuration scopes are created by using the DatabaseList parameter on the New-ManagementScope cmdlet.

Understanding management role scopes: Exchange Help | Microsoft Docs

A database list scope enables you to create a scope that applies only to the databases you specify in a list. Use the following syntax to create a database list scope. Exclusive scope Any scope that you create with the New-ManagementScope cmdlet can be designated as an exclusive scope.

To create an exclusive scope, you use the same commands in one of the preceding sections to create a recipient filter-based scope, server filter-based scope, server list-based scope, database filter-based scope, or database list-based scope, and then add the Exclusive switch to the command.

When you create exclusive management scopes, only the role assignees assigned exclusive scopes that contain objects to be modified can access those objects.Limiting access to Executive Mailboxes in Exchange Online.

Implicit scopes

Or based on a custom attribute (you get the idea – View-only configuration (this allows the external helpdesk to view non-recipient configuration such as transport config) – Distribution Groups (this allows the external helpdesk to create distribution groups).

Join Stack Overflow to learn, share knowledge, and build your career. Apr 07,  · Management role scopes enable you to define the specific scope of impact or influence of a management role when a management role assignment is created.

When you apply a scope, the role assignee assigned to the role can only modify the objects contained within that scope. A role assignee can be a management role . Or, the role's implicit configuration write scope must contain the database to be managed, or contain the server where the database is located, and the role assignment can't have a custom write scope.

Jun 21,  · The CustomConfigWriteScope parameter specifies the existing configuration scope to associate with this management role assignment.

The CustomRecipientWriteScope parameter specifies the existing recipient-based management scope to associate with this management role assignment. When you add a new role assignment, you can specify a built-in or custom role that was created using the New-ManagementRole cmdlet and specify an organizational unit (OU) or predefined or custom management scope to restrict the assignment.

Set-ManagementRoleAssignment