[This is pre-release documentation and subject to change in future releases. This topic's current status is: Writing.]

Applies to: Exchange Server 2010 Beta Topic Last Modified: 2008-12-11

Use the Remove-ExchangeAdministrator cmdlet to remove a user or group from a particular Microsoft Exchange Server 2007 role.

Remove-ExchangeAdministrator -Identity <SecurityPrincipalIdParameter> -Role <OrgAdmin | RecipientAdmin | ServerAdmin | ViewOnlyAdmin | PublicFolderAdmin> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Scope <String>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description




The Identity parameter specifies the user to remove from the role.




The Role parameter returns only the specified role type.




The Scope parameter specifies the name of the server for which the user will have administrative privileges. Scope is required when defining the ServerAdmin role. When the role is OrgAdmin or MailboxAdmin, the scope is the entire organization.




The DomainController parameter specifies the domain controller to use to write this configuration change to Active Directory. Use the fully qualified domain name (FQDN) of the domain controller that you want to use.




The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You do not have to specify a value with the Confirm parameter.




The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter.

Only Exchange Organization administrators can successfully remove users or groups from the Exchange 2007 built-in roles.

The Remove-ExchangeAdministrator cmdlet cannot be used to manage Microsoft Exchange Server 2010 permissions. Use the ManagementRole, ManagementRoleAssignment, ManagementRoleEntry and ManagementScope cmdlets to modify Exchange 2010 permissions. While the Remove-ExchangeAdministrator cmdlet can currently be used to manage Exchange Server 2007 server permissions, it will be removed from Exchange 2010 in future builds. At that time you will need to install the Exchange Server 2007 administration tools to administer computers that have Exchange Server 2007 installed.

Also, while the Exchange Management Control administrator role wizard remains available, you cannot use it to manage Exchange 2010 management roles. To administer Exchange 2010 management roles, you must use the management role cmdlets specified above. The Exchange Management Console administrator roles wizard will be updated to enable management of management roles in a later milestone.

To run this cmdlet, you must be assigned, either directly or using a universal security group, one of the following management roles:

  • Organization Management

While all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they are not included in the management roles assigned to you.

To run this cmdlet on the Edge Transport server role, you must log on by using an account that is a member of the local Administrators group on that computer. For more information, see Permissions Information for Cmdlet Help and Procedural Topics.

Error Description

Exceptions Description

The following code is an example of the Remove-ExchangeAdministrator command. This command removes the user Ted Bremer from the OrgAdmin role.

Remove-ExchangeAdministrator -Role OrgAdmin -Identity TedBrem