Hi folks,
Just wanted to quickly share with you one of the RBAC tricks in the Exchange 2010 or 2013. I will not go in to details on role groups, assignments, scopes and so on as it can all be read here.
These 2 strings of code create a report on what cmdlets members of a role group can execute and also scope where they can be executed.
I had to use the $RLGRP variable because when attempting to pipeline results of the Get-ManagementRoleAssignment cmdlet I would get error as below:
$RLGRP= Get-ManagementRoleAssignment -RoleAssignee "Role Group Name"
$RLGRP |foreach {Get-ManagementRole $_.Role} |select Name,ImplicitRecipientReadScope,ImplicitRecipientWriteScope,ImplicitConfigReadScope,ImplicitConfigWriteScope,@{N="Role Entries";E={$_.RoleEntries}} |Export-Csv RlGrpCmdlets.csv
Successful execution of this code produces a nice Excel report.
And of course you will need to replace Role Group Name with something real from your environment.
Enjoy.