A RBAC role assignee can unexpectedly run the "Update-FileDistributionService" command on an Exchange Server 2010 server that is outside the role assignment scope

Symptoms

Consider the following scenario:

  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.

  • You assign the Exchange Virtual Directories role to a role assignee.

  • You define the scope of the role assignment to an organizational unit.

  • The role assignee tries to run the Update-FileDistributionService command on an Exchange Server 2010 server that is outside the role assignment scope.

In this scenario, the role assignee can unexpectedly run the Update-FileDistributionService command on the server.

Cause

This issue occurs because there is an incorrect Role Based Access Control (RBAC) scope verification when Exchange Server 2010 runs the Update-FileDistributionService command.

Resolution

To resolve this issue, install the following update rollup:

2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about Role Based Access Control, visit the following Microsoft website:

General information about Role Based Access ControlFor more information about management role assignments, visit the following Microsoft website:

General information about management role assignmentsFor more information about the Update-FileDistributionService command, visit the following Microsoft website:

General information about the Update-FileDistributionService commandFor more information about the Exchange Virtual Directories role, visit the following Microsoft website:

General information about the Exchange Virtual Directories role

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

×