Thanks again for the help. Yes, this is the only instance of Exchange that has ever been installed on this VM. As far as the 'Exchange Organization Administrators' rights, I'm not 100% sure what you're referring to, as I don't see that role in
my environment:
Get-RoleGroup
Name AssignedRoles
RoleAssignments ManagedBy
---- -------------
--------------- ---------
Organization Management {Active Directory Permissi... {Active Directory Permissi... {adventureworks.com/Micros...
Recipient Management {Distribution Groups, Mail... {Distribution Groups-Recip... {adventureworks.com/Micros...
View-Only Organization Man... {Monitoring, View-Only Con... {Monitoring-View-Only Orga... {adventureworks.com/Micros...
Public Folder Management {Mail Enabled Public Folde... {Mail Enabled Public Folde... {adventureworks.com/Micros...
UM Management {UM Mailboxes, UM Prompts,... {UM Mailboxes-UM Managemen... {adventureworks.com/Micros...
Help Desk {User Options, View-Only R... {User Options-Help Desk, V... {adventureworks.com/Micros...
Records Management {Audit Logs, Journaling, M... {Audit Logs-Records Manage... {adventureworks.com/Micros...
Discovery Management {Legal Hold, Mailbox Search} {Legal Hold-Discovery Mana... {adventureworks.com/Micros...
Server Management {Database Copies, Database... {Database Copies-Server Ma... {adventureworks.com/Micros...
Delegated Setup {View-Only Configuration} {View-Only Configuration-D... {adventureworks.com/Micros...
Hygiene Management {ApplicationImpersonation,... {ApplicationImpersonation-... {adventureworks.com/Micros...
Compliance Management {Data Loss Prevention, Inf... {Data Loss Prevention-Comp... {adventureworks.com/Micros...
Regardless, I created a new AD account named adventureworks\exchangeadmin. I added this user to the 'Organization Management' group in the 'Microsoft Exchange Security Groups' OU in Active Directory. I then run the following command and can see
the user here. Is this what you are referring to? If so, I can't login to ecp with this user (screen flickers and transfers back to login) either. It looks like this is an IIS issue but not really sure.
Get-RoleGroup "Organization Management" | Format-List
RunspaceId : 6618dcd9-9796-407f-9ad8-0606d8236a35
ManagedBy : {adventureworks.com/Microsoft Exchange Security Groups/Organization Management}
RoleAssignments : {Active Directory Permissions-Organization Management-Delegating, Active Directory
Permissions-Organization Management, Address Lists-Organization Management-Delegating,
Address Lists-Organization Management, ApplicationImpersonation-Organization
Management-Delegating, ArchiveApplication-Organization Management-Delegating, Audit
Logs-Organization Management-Delegating, Audit Logs-Organization Management, Cmdlet
Extension Agents-Organization Management-Delegating, Cmdlet Extension
Agents-Organization Management, Data Loss Prevention-Organization Management-Delegating,
Data Loss Prevention-Organization Management, Database Availability Groups-Organization
Management-Delegating, Database Availability Groups-Organization Management, Database
Copies-Organization Management-Delegating, Database Copies-Organization Management...}
Roles : {Active Directory Permissions, Address Lists, ApplicationImpersonation,
ArchiveApplication, Audit Logs, Cmdlet Extension Agents, Data Loss Prevention, Database
Availability Groups, Database Copies, Databases, Disaster Recovery, Distribution Groups,
Edge Subscriptions, E-Mail Address Policies, Exchange Connectors, Exchange Server
Certificates...}
DisplayName :
ExternalDirectoryObjectId :
Members : {adventureworks.com/Users/ExchangeAdmin, adventureworks.com/Users/Administrator}
SamAccountName : Organization Management
Description : Members of this management role group have permissions to manage Exchange objects and
their properties in the Exchange organization. Members can also delegate role groups
and
management roles in the organization. This role group shouldn't be deleted.
RoleGroupType : Standard
LinkedGroup :
Capabilities : {}
LinkedPartnerGroupId :
LinkedPartnerOrganizationId :
Identity : adventureworks.com/Microsoft Exchange Security Groups/Organization Management
IsValid : True
ExchangeVersion : 0.10 (14.0.100.0)
Name : Organization Management
DistinguishedName : CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=adventureworks,DC=com
Guid : 1924b79e-1790-4643-96b0-b4372b64db1f
ObjectCategory : adventureworks.com/Configuration/Schema/Group
ObjectClass : {top, group}
WhenChanged : 7/19/2013 12:07:11 PM
WhenCreated : 7/18/2013 12:11:10 PM
WhenChangedUTC : 7/19/2013 4:07:11 PM
WhenCreatedUTC : 7/18/2013 4:11:10 PM
OrganizationId :
OriginatingServer : dc.adventureworks.com
ObjectState : Changed