Four major groups of tasks are performed in Exchange Server 2010 administration. Each of these groups and tasks can be fully managed using the Exchange Management Shell. The rich command-line interface in EMS provides more granularity than the Exchange Management Console:
Organization management tasks— Include managing federation or organizational trusts, database management, global rules, email life cycle policies, OWA and ActiveSync policies, email address policies, and unified messaging dial plans.
Server management tasks— Include certificate management as well as managing and configuring all Exchange 2010 server roles, including mailbox servers, client access servers, Hub Transport servers, and Unified Messaging servers.
Recipient management tasks— Include all facets of mailbox, contact, and distribution group management, including creation, moves, deletions, and modifications.
Diagnostic tasks— Include queue management, reporting, and analysis. Performance monitoring and alerts also fall into this group.
Tasks are further broken down into categories based on server role or features:
Edge Transport server— Managing EdgeSync, Active Directory Lightweight Directory Services (ADLDS), receive connectors, and send connectors.
Hub Transport, Client Access, Mailbox, and Unified Messaging roles— Managing transport rules, Outlook Web App configuration, database and DAG configuration, mailbox configuration, and unified messaging configuration.
Antispam— Managing content filtering, recipient filtering, IP Allow and Block filters, SenderID, and Sender Reputation settings.
Email life cycle— Message archiving and journaling, and creating, managing, and deleting Exchange Server 2010 Email Life Cycle folders.
Transport— Managing hub transport rules and policies.
Rules— Creating, managing, and deleting global rules, internal rules, external rules, and journal rules.
Understanding How RBAC Is Used in EMS
Role-Based Access Control (RBAC) is the new security model used in Exchange Server 2010. RBAC uses management roles to determine what an administrator can do and manage in the Exchange Management Shell (EMS), the Exchange Management Console (EMC), and the Exchange Control Panel (ECP).
For example, an administrator who is assigned the RecipientManagement role can manage mailboxes, distribution groups, contacts, and other recipient objects. Also, the management roles assigned to administrators can be scoped, so they can manage only specific recipients or servers in the Exchange Server 2010 organization. For example, if an RBAC role assignment is scoped to only recipients in San Francisco, the administrator with that role can manage only San Francisco recipients and no others.
RBAC and Its Effect in EMS
An important concept to understand is that RBAC dictates which cmdlets are exposed and available to the administrator, depending on the RBAC management role(s) assigned to that administrator. This might be only a small subset of the many commands and cmdlets that ship with Exchange Server 2010.
Likewise, some RBAC roles use a particular cmdlet but might not have access to all its parameters. For example, if a modified RecipientManagement role does not enable the administrator to change the recipient’s office, the -Office parameter will not be available in that administrator’s Set-Mailbox cmdlet.
Note
The help commands in Exchange Management Shell always show all the parameters available for the cmdlet, regardless of the RBAC roles assigned to the user.
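The scoped assignment and the parameter restriction described above can be combined in one delegation. The following is an added example, not taken from the original text; the scope, role, and assignment names, the "SF Help Desk" security group, and the use of the City attribute to identify San Francisco recipients are all assumptions.

```powershell
# Added example. Run in the Exchange Management Shell with rights to manage
# role assignments. Every object name below is hypothetical.

# 1. Write scope: only recipients whose City attribute is "San Francisco"
#    (assumes City is populated consistently in Active Directory).
New-ManagementScope -Name "SF Recipients" `
    -RecipientRestrictionFilter { City -eq "San Francisco" }

# 2. Custom role derived from the built-in Mail Recipients role.
#    A child role starts with its parent's entries and can only be reduced.
New-ManagementRole -Name "Mail Recipients - No Office" -Parent "Mail Recipients"

# 3. Strip the Office parameter from the Set-Mailbox entry of the custom role.
Set-ManagementRoleEntry "Mail Recipients - No Office\Set-Mailbox" `
    -Parameters Office -RemoveParameter

# 4. Assign the reduced role to a security group, limited to the scope above.
New-ManagementRoleAssignment -Name "SF Help Desk - Recipients" `
    -Role "Mail Recipients - No Office" `
    -SecurityGroup "SF Help Desk" `
    -CustomRecipientWriteScope "SF Recipients"

# 5. Audit: list every cmdlet in the custom role that still accepts -Office.
#    Any row returned here is another path to the same attribute and needs
#    the same treatment as Set-Mailbox if the restriction is to hold.
Get-ManagementRoleEntry "Mail Recipients - No Office\*" |
    Where-Object { $_.Parameters -contains "Office" } |
    Format-Table Name, Role -AutoSize

# 6. Audit: confirm what the group was actually granted and with which scope.
Get-ManagementRoleAssignment -RoleAssignee "SF Help Desk" |
    Format-List Name, Role, CustomRecipientWriteScope
```

Because the help output lists every parameter regardless of role, Get-ManagementRoleEntry is the place to check which parameters a role really exposes.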