Remove a Role from a Role Group

Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

If you don't want an administrator to have permissions to manage a feature, you can remove the management role assignment between the management role group and the management role that grants the permissions. If other administrators are assigned the same role group, they also lose the ability to manage that feature. For more information about role groups and management role assignments in Microsoft Exchange Server 2010, see the following topics:

Some role groups, such as the Organization Management role group, restrict what roles can be removed from a role group. For more information, see Understanding Management Role Groups.
If an administrator is assigned to another role group that contains management roles that enable the administrator to manage the feature, you need to either remove the administrator from the other role groups, or remove the role that gives access to manage the feature from the other role groups.

Looking for other management tasks related to administrators and specialist users? Check out Managing Administrator and Specialist Users.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.

You can't use the EMC to remove a role from a role group.
  1. To find the name of the management role assignment that assigns the role to the role group, use the following syntax.
    Get-ManagementRoleAssignment -RoleAssignee <role group name>
  2. Find the name of the role assignment you want to remove from the role group in the list that's returned.
  3. To remove the role assignment from the role group, use the following syntax.
    Remove-ManagementRoleAssignment <role assignment name>

This example removes the management role that enables administrators assigned the Seattle Recipient Administrators role group to manage distribution groups.

Get-ManagementRoleAssignment -RoleAssignee "Seattle Recipient Administrators"

In this example, the role assignment Distribution Groups_Seattle Recipient Administrators is returned. The DistributionGroups management role controls the distribution group properties that administrators can manage. This name can be used in the following command.

Remove-ManagementRoleAssignment "Distribution Groups_Seattle Recipient Administrators"

For detailed syntax and parameter information, see Remove-ManagementRoleAssignment.

After you remove a role from a role group, you may also want to: