none
Management Role for multiple OU's RRS feed

  • Question

  • Hi,

    We have a multi-tenant AD and want to assign a role or management role to multiple OU's. Each customer has it's own OU. That way our customer support can assign full access rights to mailboxes of franchising customers. But we want this only for the customers who are in a franchise with each other so not for all customers.

    How can we achieve this?


    • Edited by j.sannen Tuesday, July 23, 2019 1:33 PM
    Monday, July 22, 2019 12:17 PM

Answers

  • Hi j.sannen,

    Thanks four your kindly explanation, I understand your requirement and my last reply might confuse you, now i have modified it, please review. Assigning role group to multi OUs cant be achieved yet.

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    • Marked as answer by j.sannen Thursday, August 1, 2019 8:59 AM
    Friday, July 26, 2019 8:52 AM

All replies

  • Hi,

     

    Based on your requirement, I'd suggest you use the Exchange Management Shell to copy a role group "Organization Management" with the franchising OU scope.

     

    $RoleGroup = Get-RoleGroup "Organization Management"

    New-RoleGroup "OU1 Management" -Roles $RoleGroup.Roles -RecipientOrganizationalUnitScope "contoso.com/OU1" -Members <member1, member2, member3...>

     

    To verify that you have successfully added roles to a role group, do the following:

    1.In the EAC, navigate to Permissions > Admin Roles.

    2.Select the role group you added roles to. In the role group details pane, verify that the roles that you added are listed.

     

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    Tuesday, July 23, 2019 3:23 AM
  • Hi Kelvin,

    Thanks for your answer.

    Unfortunately there is not 1 franchising OU. At the same level we have customer OU's and some of these customers are working together. I'm looking for way to combine multiple OU's as RecipientOrganizationalUnitScope in 1 RoleGroup. Or any other way to achieve this.

    Regards, Joost

    Tuesday, July 23, 2019 7:46 AM
  • Hi,

     

    With my research, the Rolegroup scope only specifies one organizational unit(OU), there's no other metods except creating a new OU that containing all needed users.

     

    Regards,

    Kelvin Deng



    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com

    Thursday, July 25, 2019 6:01 AM
  • Hi,

    It's an existing environment and nevermind the multi-tenancy. It's a Exchange question. See picture which displays part of the AD. Under level 1 each customer has it's own OU and standard OU's below it for several objects.

    What I want is a role which applies on only 2 OU's, for example 2 and 3. I hope I have explained it well enough. If not, please ask again.

    Friday, July 26, 2019 7:58 AM
  • Hi j.sannen,

    Thanks four your kindly explanation, I understand your requirement and my last reply might confuse you, now i have modified it, please review. Assigning role group to multi OUs cant be achieved yet.

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    • Marked as answer by j.sannen Thursday, August 1, 2019 8:59 AM
    Friday, July 26, 2019 8:52 AM
  • Hi,

     

    I am writing here to confirm with you how the thing going now?

     

    If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.

     

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    Wednesday, July 31, 2019 7:44 AM