7
Exchange Online Scope
Hallo,
wir befinden uns gerade in der Migration nach Exchange Online.
Unter Exchange on Prem. konnte man ein Scope erstellen das zb. ein Account nur bestimmte Postfächer administrieren kann. Gibt es so etwas auch unter Exchange Online das ich ein Scope erstellen kann?
VG
Dennis
wir befinden uns gerade in der Migration nach Exchange Online.
Unter Exchange on Prem. konnte man ein Scope erstellen das zb. ein Account nur bestimmte Postfächer administrieren kann. Gibt es so etwas auch unter Exchange Online das ich ein Scope erstellen kann?
VG
Dennis
Auf Facebook teilen
Auf Twitter teilen
Auf Reddit teilen
Auf Linkedin teilenBitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 668112
Url: https://administrator.de/contentid/668112
Ausgedruckt am: 27.09.2024 um 03:09 Uhr
7 Kommentare
Neuester Kommentar
Moin,
nicht das ich wüsste.
Grüße
nicht das ich wüsste.
Grüße
Moin,
meinst du sowas: https://blog.atwork.at/post/Delegated-Administration-in-Exchange-Online
Gruß,
Dani
meinst du sowas: https://blog.atwork.at/post/Delegated-Administration-in-Exchange-Online
Gruß,
Dani
Vielen Dank.
Punkt 2 müsste es sein:
New-ManagementScope
VG
Dennis
Punkt 2 müsste es sein:
New-ManagementScope
VG
Dennis
Das wäre passend:
https://msryanph.wordpress.com/2012/07/10/exchange-online-365-administra ...
New-ManagementScope -Name “DomainX.com Management Scope” -RecipientRestrictionFilter -RecipientRestrictionFilter {WindowsEmailAddress -like *@DomainX.com}
Weiß jemand ob ich da auch 2 E-Mail Domänen hinzufügen kann?
https://msryanph.wordpress.com/2012/07/10/exchange-online-365-administra ...
New-ManagementScope -Name “DomainX.com Management Scope” -RecipientRestrictionFilter -RecipientRestrictionFilter {WindowsEmailAddress -like *@DomainX.com}
Weiß jemand ob ich da auch 2 E-Mail Domänen hinzufügen kann?
{(WindowsEmailAddress -like "*@DomainX.com") -or (WindowsEmailAddress -like "*@DomainY.com" }
1
Sorry Tippfehler, lässt sich hier leider gerade nicht nachbearbeiten wegen Fehlermeldung deswegen neuer Kommentar
{(WindowsEmailAddress -like "*@DomainX.com") -or (WindowsEmailAddress -like "*@DomainY.com")}
Scope erstellt, danach hatte ich keine Rechte mehr, wohl selbst ausgesperrt wie hier beschrieben.......
2. Create a new exclusive management scope with UPN as recipient restriction filter:
New-ManagementScope -Name "Protect dominikhoefling.com" -RecipientRestrictionFilter { UserPrincipalName -Like "*dominikhoefling.com*} -Exclusive
Note: be careful with exclusive scopes! There will be a confirm message after you ran the cmdlet:
When you create exclusive management scopes, only users or universal security groups that are assigned exclusive scopes that contain objects to be
modified will be able to access those objects. Users or USGs that aren't assigned an exclusive scope that contains the objects will immediately lose
access to those objects. Are you sure you want to create the dominikhoefling.onmicrosoft.com\Protect dominikhoefling.com exclusive scope?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
What is a exclusive scope and why are we using this? When you create an exclusive scope, only those who are assigned that exclusive scope, or an equivalent exclusive scope, can modify the objects that match the scope. Role assignees who aren't assigned that exclusive scope, or an equivalent, can't modify the objects that match the scope, even if their own roles have scopes that would otherwise include the objects. Exclusive scopes override any other regular scope that isn't exclusive. This behavior is similar to how a deny access control entry (ACE) on an Active Directory access control list (ACL) functions. Source: https://technet.microsoft.com/en-us/library/dd638110(v=exchg.150).aspx
Hab die Scope dann schnell gelöscht und nun passt es wieder.
Hat da jemand Erfahrung mit?
2. Create a new exclusive management scope with UPN as recipient restriction filter:
New-ManagementScope -Name "Protect dominikhoefling.com" -RecipientRestrictionFilter { UserPrincipalName -Like "*dominikhoefling.com*} -Exclusive
Note: be careful with exclusive scopes! There will be a confirm message after you ran the cmdlet:
When you create exclusive management scopes, only users or universal security groups that are assigned exclusive scopes that contain objects to be
modified will be able to access those objects. Users or USGs that aren't assigned an exclusive scope that contains the objects will immediately lose
access to those objects. Are you sure you want to create the dominikhoefling.onmicrosoft.com\Protect dominikhoefling.com exclusive scope?
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
What is a exclusive scope and why are we using this? When you create an exclusive scope, only those who are assigned that exclusive scope, or an equivalent exclusive scope, can modify the objects that match the scope. Role assignees who aren't assigned that exclusive scope, or an equivalent, can't modify the objects that match the scope, even if their own roles have scopes that would otherwise include the objects. Exclusive scopes override any other regular scope that isn't exclusive. This behavior is similar to how a deny access control entry (ACE) on an Active Directory access control list (ACL) functions. Source: https://technet.microsoft.com/en-us/library/dd638110(v=exchg.150).aspx
Hab die Scope dann schnell gelöscht und nun passt es wieder.
Hat da jemand Erfahrung mit?
