New-MailboxExportRequest and New-MailboxImportRequest don't honor RBAC management scope in Exchange Server 2019 and 2016

Applies to: Exchange Server 2019Exchange Server 2016

Symptoms


Consider the following scenario in a Microsoft Exchange Server 2019 or Exchange Server 2016 environment:
  • You create a RBAC management scope and associate it with a specific OU.
  • You apply the scope to a RBAC role group and add a user to this role group.
  • The user runs the New-MailboxExportRequest or New-MailboxImportRequest PowerShell command against a mailbox that's out of that scope.
In this scenario, the command runs successfully. After you apply this update, the user should be able to only run import or export requests against the mailbox within the OU that you defined.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. 

Resolution


To fix this issue, install one of the following updates:
For Exchange Server 2019, install the Cumulative Update 1 for Exchange Server 2019 or a later cumulative update for Exchange Server 2019.
For Exchange Server 2016, install the Cumulative Update 12 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.

References


Learn about the terminology that Microsoft uses to describe software updates.