RBAC role needed for Connect-Mailbox cmdlet

Hi!

We added some user accounts to the 'Recipient Management' group and noticed that these accounts are not able to connect mailboxes by using the ECP in Exchange 2013. The dialog box that pops up just stays white.

Which RBAC management role is needed to use the Connect-Mailbox cmdlet?

Many thanks!

Nils

August 26th, 2014 8:17pm

Hello Nils,

That's "Mail Recipients" role...

[PS] C:\>Get-ManagementRoleEntry '*\Connect-Mailbox'

Name                           Role                      Parameters
----                           ----                      ----------
Connect-Mailbox                Mail Recipients           {ActiveSyncMailboxPolicy, AddressBookPolicy, Alias, AllowLe...
August 26th, 2014 10:52pm

Hi Nils,

I ran a test in my environment using Exchange 2013. As Amit said, you can create a custom role group, add the "Mail Recipients" role to it, and then add these users to this role group. They will have permission to connect disconnected mailboxes.

Hope my clarification is helpful.

Best regards,

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

August 27th, 2014 8:57am

Many thanks for your answer - although I think it is not sufficient to assign the 'Mail Recipients' role. I added a test account to the 'Recipient Management' role group, to which the 'Mail Recipients' role is assigned by default. The test account has the ability to use the Connect-Mailbox cmdlet in the EMS, but it is still not possible to connect a mailbox via ECP/EAC: the dialog box stays completely empty...

Greetings, Nils

August 27th, 2014 10:14am

Sounds strange... Can you post the screenshot of EAC?
August 28th, 2014 3:44am

Hi Amit

Many thanks for your answer. Here is the screenshot - I tried it with several different browsers. The user I logged on with is a member of the built-in role group 'Recipient Management'.

Greetings, Nils


August 28th, 2014 5:46am

Hi Nils,

I ran some tests in my environment using Exchange Server 2013. If you want to use EAC to connect a disconnected mailbox, the account you use should first be assigned the Mail Recipients permission. The account should also be a member of View-Only Organization Management.

Hope this can be helpful to you.

Best regards,


August 29th, 2014 3:14am

Hi Amy,

Many thanks - now it works. To be able to use the EAC to re-connect disconnected mailboxes, a user needs at least the management role 'View-Only Configuration', which is assigned to the default role group 'View-Only Organization Management'.

Greetings,

Nils

August 29th, 2014 7:30am

Hi Nils,

Thank you for your response.

It's great to hear the good news.

Best regards,


August 29th, 2014 7:33am

Hi all,

Thanks for this thread. I was dealing with the same issue recently :-)

Actually, if you want to limit the RBAC access rights as much as possible, then it's enough to grant access only to a single cmdlet, "Get-MailboxServer" (besides being a member of the "Recipient Management" role group). After that you'll be able to see the list of disconnected mailboxes in EAC.

BR, Lukas

August 28th, 2015 8:15am
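
The least-privilege setup described in the last reply, written out for the Exchange Management Shell as an added example that is not part of the original thread: a child role of 'View-Only Configuration' is stripped down to the single Get-MailboxServer entry and assigned through its own role group. The role name, role group name and user name are hypothetical, and the script assumes Get-MailboxServer is an entry of the built-in 'View-Only Configuration' role, which it checks before changing anything.

```powershell
# Added example: run in the Exchange Management Shell as an RBAC administrator.
# All names below are hypothetical placeholders; adjust them to your environment.
$parentRole = 'View-Only Configuration'          # built-in role named in the thread
$customRole = 'EAC Disconnected Mailbox Lookup'  # hypothetical custom role
$roleGroup  = 'EAC Mailbox Connect Helpers'      # hypothetical role group
$operator   = 'testuser01'                       # hypothetical delegated account
$keepCmdlet = 'Get-MailboxServer'                # the only entry that is kept

# Assumption check: the parent role must contain the cmdlet we want to keep,
# because a child role can never hold more than its parent.
if (-not (Get-ManagementRoleEntry "$parentRole\$keepCmdlet" -ErrorAction SilentlyContinue)) {
    throw "'$keepCmdlet' is not an entry of '$parentRole'; choose another parent role."
}

# Create the child role; it starts with every entry of the parent.
New-ManagementRole -Name $customRole -Parent $parentRole | Out-Null

# Remove every inherited entry except Get-MailboxServer.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Name -ne $keepCmdlet } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$customRole\$($_.Name)" -Confirm:$false
    }

# Assign the reduced role through a dedicated role group, so the built-in
# 'View-Only Organization Management' group is not needed for this account.
New-RoleGroup -Name $roleGroup -Roles $customRole -Members $operator | Out-Null

# The account still needs 'Mail Recipients' for Connect-Mailbox itself; the
# thread gets it from 'Recipient Management' (errors if already a member).
Add-RoleGroupMember -Identity 'Recipient Management' -Member $operator

# Verify: the custom role should list exactly one entry, and the effective
# users of the role should be only the accounts you delegated to.
Get-ManagementRoleEntry "$customRole\*" | Format-Table Name, Role -AutoSize
Get-ManagementRoleAssignment -Role $customRole -GetEffectiveUsers |
    Format-Table EffectiveUserName, RoleAssigneeName, Role -AutoSize
```

The operator has to sign out of the EAC and back in before the new assignment takes effect in the browser session.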

This topic is archived. No further replies will be accepted.
