A RBAC role assignee can unexpectedly run the Add-ADPermission command on an Exchange Server 2010 server that is outside the role assignment scope

Article translations Article translations
Article ID: 2514766 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • In a Microsoft Exchange Server 2010 environment, you create a scoped management role assignment which assigns the Active Directory Permissions or Mail Recipients roles.
  • You assign the role assignment to a role assignee.
  • The role assignee tries to run the Add-ADPermission command against a mailbox that is outside of the role assignment scope.
In this scenario, the role assignee can unexpectedly run the Add-ADPermission command against the out of scope mailbox. 

CAUSE

This issue occurs because there is no Role Based Access Control (RBAC) scope verification when Exchange Server 2010 runs the Add-ADPermission command.

RESOLUTION

To resolve this issue, install the following update rollup:
2582113 Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about Role Based Access Control, visit the following Microsoft website:
General information about Role Based Access Control
For more information about management role assignments, visit the following Microsoft website:
General information about management role assignments
For more information about the Add-ADPermission command, visit the following Microsoft website:
General information about the Add-ADPermission command
For more information about the Active Directory Permissions role, visit the following Microsoft website:
General information about the Active Directory Permissions role

Properties

Article ID: 2514766 - Last Review: August 26, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft Exchange Server 2010 Service Pack 1, when used with:
    • Microsoft Exchange Server 2010 Enterprise
    • Microsoft Exchange Server 2010 Standard
Keywords: 
kbqfe kbfix kbexpertiseinter kbhotfixrollup kbsurveynew KB2514766

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com