A RBAC role assignee can unexpectedly run the "Update-FileDistributionService" command on an Exchange Server 2010 server that is outside the role assignment scope

Applies to: Exchange Server 2010

Symptoms


Consider the following scenario:
  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.
  • You assign the Exchange Virtual Directories role to a role assignee.
  • You define the scope of the role assignment to an organizational unit.
  • The role assignee tries to run the Update-FileDistributionService command on an Exchange Server 2010 server that is outside the role assignment scope.
In this scenario, the role assignee can unexpectedly run the Update-FileDistributionService command on the server.

Cause


This issue occurs because there is an incorrect Role Based Access Control (RBAC) scope verification when Exchange Server 2010 runs the Update-FileDistributionService command.

Resolution


To resolve this issue, install the following update rollup:
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


For more information about Role Based Access Control, visit the following Microsoft website:For more information about management role assignments, visit the following Microsoft website:For more information about the Update-FileDistributionService command, visit the following Microsoft website:For more information about the Exchange Virtual Directories role, visit the following Microsoft website: