Exchange Server 2013 - Organization Management group broken after CU6 update, ECP permisisons problem

Hi all,

After CU6 update, I've encountered following problem - two admin AD accounts  which were members of Organisational Management group are unable to get full access to ECP. 

After admin logs in to ECP, there are no access to certain functions, menu is incomplete and certain frames show "You don't have permissions to view this page." warnings.

I tried various troubleshooting methods, for example re-adding users to Organization Management group in AD, without any luck.

On top of that, EMC seems not able to recognise any of RoleGroupMember commands at all, all I get is following:

From what I think, there's some error with Organisation Management group - either permissions or something else (it doesn't show being memeber of anything , apart from Administrators group). Is there a way of reseting built-in roles or maybe there is another way of fixing this issue?

Thanks!

April 27th, 2015 10:28am

Hello

tip: check Management roles assigned to Organization Management role group

https://technet.microsoft.com/en-us/library/dd335087(v=exchg.150).aspx

Free Windows Admin Tool Kit Click here and download it now
April 27th, 2015 2:28pm

I saw that article, but I don't understand from that page which management roles need to be assigned.
April 27th, 2015 3:41pm

Hello

You can check wich cmdlet wich role member:

Get-ManagementRoleAssignment -GetEffectiveUsers -Role "Role Management" |  where {$_.EffectiveUserName -eq "administrator"}

Free Windows Admin Tool Kit Click here and download it now
April 27th, 2015 4:29pm

Get-ManagementRoleAssignment command is not working, same 'the term is not recognised as name of cmdlet, function, script file.." error in EMS.
April 28th, 2015 5:36am

Hi,

Please go to ADUC > Microsoft Exchange Security Groups. Manually add two admin accounts which are used to access EAC and EMS into the following groups:
Server Management
Recipient Management
Organizations Management
View-Only Organization Management
Exchange View-Only Administrators

Then check whether the issue persists.

Regards,

Free Windows Admin Tool Kit Click here and download it now
April 28th, 2015 5:53am

Thanks a lot, apart from the fact there was no "Exchange View-Only Administrators" group, adding these admin users to  View-Only Organization Management and Recipient Management groups did the trick.

Much appreciated.

April 29th, 2015 12:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics