Symptoms
In a Microsoft Exchange Server 2016 environment, consider the following scenario:
- You create a Role Based Access Control (RBAC) management role by adding certain management role entries that are based on the Unified Messaging (UM) Mailboxes role, such as the Set-UMMailboxPIN cmdlet.
-
You create a management scope by using a recipient restriction filter and specify a particular organizational unit (OU) to the filter.
-
You create a management role group that has this management role and management scope assigned.
In this scenario, when admin members in the management role group run the Set-UMMailboxPIN cmdlet, they can reset the PINs on the UM-enabled mailboxes for users who are outside the scoped OU.
Cause
Resolution
To fix this issue, install Cumulative Update 9 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.
Status
References
Learn about the terminology that Microsoft uses to describe software updates.