Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
A RBAC role assignee can unexpectedly run the Add-ADPermission command on an Exchange Server 2010 server that is outside the role assignment scope
Article ID: 2514766 - View products that this article applies to.
Consider the following scenario:
This issue occurs because there is no Role Based Access Control (RBAC) scope verification when Exchange Server 2010 runs the Add-ADPermission command.
To resolve this issue, install the following update rollup:
(http://support.microsoft.com/kb/2582113/ )Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about Role Based Access Control, visit the following Microsoft website:
General information about Role Based Access ControlFor more information about management role assignments, visit the following Microsoft website:
General information about management role assignmentsFor more information about the Add-ADPermission command, visit the following Microsoft website:
General information about the Add-ADPermission commandFor more information about the Active Directory Permissions role, visit the following Microsoft website:
General information about the Active Directory Permissions role
Article ID: 2514766 - Last Review: August 26, 2011 - Revision: 2.0