Need to create a new Management scope for server admin so he can just modify a single Journal Rule.

Hi Guys,

I am looking for a filter which I can set in a new management scope so that an administrator can manage only a particular Journal Rule. I have 10 office locations and each location has its own Exchange admin, so I have already given them server admin rights with a scope limited to the Exchange servers within their site. Now I am facing a challenge: each location has a journal rule, so I am looking for a scope filter which I can set so that the administrator of the US site can only manage the Journal rule created for the US location. For example, if the journal rule name is US Journal Rule, the admin should only be able to modify this rule and not any other journal rule. Is it possible or am I asking too much from exchange power-

May 15th, 2015 1:00am

Hi Deepak,

Thank you for your question.

I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

Thank you for your understanding and support.

Best regards,

May 18th, 2015 4:03am

Thanks Nino for your response. Just to add to the above question: is there any possibility, with the same kind of setup mentioned above, that a scope can be created for a particular ActiveSync policy / OAB / Send Connector?
May 18th, 2015 5:08am

Hi, Any update for me on this?
May 22nd, 2015 7:36am

Hi Deepak,

Sorry for the delay!

As far as I know, a Journal Rule can only be created at the global level for all users (at the database level it would be a Journal mailbox, not a Journal rule); we can't create a Journal Rule at the site level.

So what do you mean by having one Journal Rule for each site, and how did you configure this?

By clarifying this, we can check whether it can be done based on the requirement.

Supposing your configuration can be done, we can configure the scope like this:

  • First create a scope for each site:

New-ManagementScope -Name "Redmond Site Scope" -ServerRestrictionFilter {ServerSite -eq "CN=Redmond,CN=Sites,CN=Configuration,DC=contoso,DC=com"}

This example creates the Redmond Site Scope scope and sets a server restriction filter that matches only the servers located in the "CN=Redmond,CN=Sites,CN=Configuration,DC=contoso,DC=com" (this is the site's distinguished name) Active Directory Domain Services (AD DS) site. Since the customer has 10 sites, the customer will need to create 10 scopes, one for each site.

  • By default, only the Journaling role has the ability to modify the Journal Rules, so we can check which users/groups the role is assigned to:

Get-ManagementRoleAssignment -Role Journaling

  • Now we know the current groups which have permission to modify all the Journal rules; remove all the assignments:

Get-ManagementRoleAssignment -Role Journaling | Remove-ManagementRoleAssignment

  • Create a new Management Role Assignment to associate the role with your admin, combined with the new scope from step 1:

New-ManagementRoleAssignment -Name "assignment1" -Role "Journaling" -User admin_account -CustomConfigWriteScope "Redmond Site Scope"

Thus the admin account has Journaling-related permission to modify only the Journal Rules that reside in the scope we specified: the site scope we created. Please repeat the steps for each site scope of the 10 admins, so they can only modify the Journal Rule within their own site.

Regarding the customer's second question, it should be the same method: use the new scope, find the role which can modify the ActiveSync policy / OAB / Send Connector, then create the new Management Role Assignment for their admins.

Please refer to the articles below for the above commands:

New-ManagementScope

https://technet.microsoft.com/en-us/library/dd335137%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

New-ManagementRoleAssignment

https://technet.microsoft.com/en-us/library/dd335193(v=exchg.150).aspx

Best regards,

May 24th, 2015 9:16pm
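
The steps in the reply above, collected into one script as an added example (not part of the original posts and not Microsoft's own code). The site names, admin accounts and backup path are constructed placeholders; the existing Journaling assignments are saved first and their removal is run with -WhatIf so every current holder of the role can be reviewed before anything is deleted.

```powershell
# Added example. Run in the Exchange Management Shell.
# Constructed placeholders: site names, admin accounts, backup file name.
$sites = @(
    @{ Site = 'Redmond'; Admin = 'redmond_admin' },
    @{ Site = 'Dublin';  Admin = 'dublin_admin'  }
)
$siteBase = 'CN=Sites,CN=Configuration,DC=contoso,DC=com'
$backup   = Join-Path $env:TEMP 'Journaling-assignments-before.xml'

# 1. Record who holds the Journaling role today, before anything changes.
$existing = Get-ManagementRoleAssignment -Role Journaling
$existing | Export-Clixml -Path $backup
$existing | Format-Table Name, RoleAssigneeName, RoleAssigneeType, CustomConfigWriteScope -AutoSize

# 2. One server-restriction scope and one scoped assignment per site.
foreach ($s in $sites) {
    $scopeName = "$($s.Site) Site Scope"
    $siteDn    = "CN=$($s.Site),$siteBase"

    # Create the scope only if it does not exist yet, so the script can be re-run.
    if (-not (Get-ManagementScope | Where-Object { $_.Name -eq $scopeName })) {
        New-ManagementScope -Name $scopeName `
            -ServerRestrictionFilter "ServerSite -eq '$siteDn'"
    }

    New-ManagementRoleAssignment -Name "Journaling-$($s.Site)" `
        -Role Journaling -User $s.Admin `
        -CustomConfigWriteScope $scopeName
}

# 3. Preview the removal of the assignments captured in step 1 only
#    (the new per-site assignments are not in $existing).
#    Drop -WhatIf once the list printed in step 1 has been reviewed.
$existing | Remove-ManagementRoleAssignment -WhatIf

# 4. Show who can effectively use the role and under which scope.
Get-ManagementRoleAssignment -Role Journaling -GetEffectiveUsers |
    Sort-Object EffectiveUserName |
    Format-Table EffectiveUserName, Name, CustomConfigWriteScope -AutoSize
```

After the run, test with one site admin account that it can modify its own site's journal rule and is refused on another site's rule before removing the original assignments.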

Thanks Niko, this will help me a lot. Just to clarify: when I say one Journal Rule for each site, I mean that each location's users' email is journaled using a specific journal rule created at the org level. As of now what we are using is a DDL method to capture these emails and forward them to the journal mailbox using the journal rule.
May 25th, 2015 5:03am

This topic is archived. No further replies will be accepted.
