(or determining RBAC Permissions)
- Get-ManagementScope - displays defined scopes, or details of a individual scope.
- Get-ManagementRole
- GetChildren – enumerate roles of immediate children
- Recurse – enumerate roles of children and the children of those roles
- Cmdlet – enumerate roles include this specific cmdlet
- CmdletParameters – enumerate roles include this specific parameter
- RoleType
- ViewOnlyRecipients, TransportQueues, MyContactInformation, MyDistributionGroups
- http://technet.microsoft.com/en-us/library/dd298116.aspx
- Get-ManagementRoleEntry – shows all the role entries in a Management role (Ex: Get-ManagementRoleentry “Recipient Policies\*”)
- Get-RoleGroup – shows all the groups or if you specify one with –ID will give you details on that group
- Get-RoleGroupMember – shows all the group’s members (ex: Get-RoleGroupMember “Organization Management”)
- Get-RoleAssignmentPolicy – Shows the role assignment policies
- Get-ManagementRoleAssignment
- http://technet.microsoft.com/en-us/library/dd351024.aspx
- Examples:
- Get-ManagementRoleAssignment –Role “Organization Configuration” –GetEffectiveUser –Delegating $False | FL Name, RoleAssigneeName, EffectiveUserName, AssignmentChain (shows the users and groups that have Org Config RBAC permissions)
- Get-ManagementRoleAssignment -WritableRecipient administrator –GetEffectiveUsers (shows the users that can make changes to administrator)
Note: As with all powershell commands you can use help cmdlet –examples to get more info (ex: help Get-ManagementRoleAssignment –Examples)
