Wednesday, February 8, 2017

RBAC Effective Permissions

Hi folks,

You are well aware with the effective permissions in the NTFS and also on other objects that are controlled by ACLs (like AD objects or registry).

Now the same kind of check and report is available for Exchange RBAC. What it does, it checks all the role group membership of an admin account and then provides as an output roles that they were assigned to.

The below code should do this magic:

Get-ManagementRoleAssignment -GetEffectiveUsers | Where-Object {$_.EffectiveUserName -eq "Admin"} | Select-Object Role

And it provides code as below: