locked
ECP role to manage multiple exchange servers RRS feed

  • Question

  • Hi,

    I have 4 exchange 2010 servers sp3 at 4 different locations under one domain. When I login to ECP portal with one of the exchange account (domain admin), I can only manage for the mailboxes from that exchange server. If I choose to manage other users from other exchange server, I am forwarded to another OWA/ECP login which I don’t always know all users credentials. Which role should I assign to myself so that I can do message tracings etc. from one single login account?

    Many thanks.

    Pwint


    Thursday, June 25, 2015 11:04 AM

Answers

  • Hi Pwint,

    We could logon EAC->Permission->admin roles, then we could check which admin role include the account who want to mange all sites. Please tell us.

    If there are any questions regarding this issue, please be free to let me know.

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    • Marked as answer by Pwint Thursday, July 16, 2015 3:10 PM
    Thursday, July 2, 2015 9:41 AM
    Moderator

All replies

  • Is the domain admin account (or whatever account you're using) not a member of the "Organization Management" RBAC group?  If not, add that account to that role through the EAC.  What do you mean by "4 different locations"?  Do you mean 4 different AD sites?

    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.

    Thursday, June 25, 2015 1:51 PM
  • If you just want to manage the Exchange objects and the servers, add your account to the Server Management role. There will be an AD group with the same name.

    If you want full control on the entire org, add yourself into the Organization management group.


    Cheers,

    Rajith

    TheUCGuy.Net

    Twitter:    Facebook:   

    Note: Posts are provided “AS IS” without warranty of any kind.

    Thursday, June 25, 2015 2:01 PM
  • Hi Pwint,

    Thank you for your question.

    Did the 4 Exchange 2010 locate at the different subnets?

    Did the 4 Exchange 2010 belong to all-in-one?

    Did the Exchange connect to the same DC?

    We could replicate the DC and make sure DCs' replicate without any problems, then check if the issue persist. By default, Exchange ECP fetch the Email address information, so we must make sure AD replication without problems.

    We could run the following command to check the Exchange CAS server connect to DC:

    Get-ADSserverSetting | FL

    Then check replication among DCs.

    If there are any questions regarding this issue, please be free to let me know.

    Best Regard,

    Jim

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Monday, June 29, 2015 1:28 AM
    Moderator
  • Hi,

    Thanks for the reply. yes I am already in "Organization Management" group. If I manage another user that belongs to another server, I am forwarded to login screen and after I entered my credentials then I can see the user Account Information. Is it normal behaviour or I have to change Authentication? If so what should it be?

    Thanks very much,

    Pwint 

    Thursday, July 2, 2015 7:49 AM
  • Hi Jim,

    Yes. All exchange servers belongs to one domain but all 4 in different subnets and each in 4 AD sites. There is no issue with replications across all domain controllers.

    I would like to know how others manage with exchange users accounts from ecp as exchange admins, I don't want to give all domain admins to manage full exchange features. And domain users with only certain permission but still allow to login to ecp site.

    Thanks,

    Pwint

    Thursday, July 2, 2015 7:58 AM
  • Hi Pwint,

    How did you grant RBAC permission to admin(include the detail steps)?

    Did you grant role group with OUs which are 4 sites?

    For example:

    New-RoleGroup –Name “Manage Recipients for Helpdesk” –Roles “Enable Mailbox” –RecipientOrganizationalUnitScope “contoso.com/site1”(then site2, site3, site4).

    If there are any questions regarding this issue, please be free to let me know.

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Thursday, July 2, 2015 9:08 AM
    Moderator
  • Hi Jim,

    Thanks for the reply. No I don't remember running the script that you have written.

    I just checked if I am part of Organization Management group in AD - Microsoft Exchange security Groups OU.

    Cheers,

    Pwint

    Thursday, July 2, 2015 9:17 AM
  • Hi Pwint,

    We could logon EAC->Permission->admin roles, then we could check which admin role include the account who want to mange all sites. Please tell us.

    If there are any questions regarding this issue, please be free to let me know.

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    • Marked as answer by Pwint Thursday, July 16, 2015 3:10 PM
    Thursday, July 2, 2015 9:41 AM
    Moderator
  • Hi Pwint,

    Did the case solve? You could share your solution with us.

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support

    Friday, July 17, 2015 1:50 AM
    Moderator
  • Hi, The admin role check was useful to properly manage the users group. However the actual fix for my issue was in the problem exchange server IIS which has http redirection ticked to owa in Ecp and I restarted the IIS. Thank you all for the replies. You guys rock! Cheers, pwint.
    Friday, July 24, 2015 4:34 AM