Announcement

Collapse
No announcement yet.

Default Role Assignment Policy blown up! Need Help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Default Role Assignment Policy blown up! Need Help

    Hello everyone.

    I goofed up bad today. I i removed all my roles from my Default Role Assignment Policy in Exchange 2010.

    I unchecked the following ALL the Roles under this Policy. So now i can longer to back in to ECP because it says access denied.

    After i unchecked all the boxes i ran the following command:

    Remove-ManagementRoleAssignment "Managers-Default Role Assignment Policy"


    How can i get all the default Roles back in there using Exchange Powershell so i can get back in to ECP?

    Thanks everyone.

  • #2
    Re: Default Role Assignment Policy blown up! Need Help

    do you actively participate in the process known as a 'back-up'?
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: Default Role Assignment Policy blown up! Need Help

      Originally posted by James Haynes View Post
      do you actively participate in the process known as a 'back-up'?

      Yes I do, but i am not sure what file/files to restore if there are ones.

      Comment


      • #4
        Re: Default Role Assignment Policy blown up! Need Help

        i meant restore the entire server... why did you do what you did in the first place? what were you trying to accomplish? not being cynical or facetious, just curious.

        read this and see if that helps. you will have to recreate the policy, and afterwards update the existing mailboxes so they know what policy to use... wouldnt do them much good to try and use the policy you deleted.

        Understanding Management Role Assignment Policies
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...

        Comment


        • #5
          Re: Default Role Assignment Policy blown up! Need Help

          Originally posted by James Haynes View Post
          i meant restore the entire server... why did you do what you did in the first place? what were you trying to accomplish? not being cynical or facetious, just curious.

          read this and see if that helps. you will have to recreate the policy, and afterwards update the existing mailboxes so they know what policy to use... wouldnt do them much good to try and use the policy you deleted.

          Understanding Management Role Assignment Policies
          I am running 2 CASHUB and 2 DAG servers. Would i restore one of the CASHUB servers?

          I was trying to delete the DL_Managers Policy that i created so i could assign it to users who needed to add and remove users to DL's. But everytime i tried to remove it i kept getting errors saying it is still assigned to another policy.

          Well i am not sure a restore is neccessary because the policy is still there and there are a few roles selected. So it would seem that i should be able to add the deselected roles back to the policy.

          Below are the roles assigned to the policy.

          [PS] C:\Windows\system32>Get-RoleAssignmentPolicy | Where { $_.IsDefault -eq $True }

          RunspaceId : 762aab05-804f-4948-8796-1ce5fb38d2e2
          IsDefault : True
          Description : This policy grants end users permissions to set their Outlook Web App options and perform other self-administration tasks.
          RoleAssignments : {MyTextMessaging-Default Role Assignment Policy, MyVoiceMail-Default Role Assignment Policy}
          AssignedRoles : {MyTextMessaging, MyVoiceMail}
          AdminDisplayName :
          ExchangeVersion : 0.11 (14.0.509.0)
          Name : Default Role Assignment Policy
          DistinguishedName : CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN=Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mra,DC=co m
          Identity : Default Role Assignment Policy
          Guid : 3103bd99-04a7-424b-8630-6187d8c01519
          ObjectCategory : domain.com/Configuration/Schema/ms-Exch-RBAC-Policy
          ObjectClass : {top, msExchRBACPolicy}
          WhenChanged : 10/5/2010 2:13:16 PM
          WhenCreated : 10/5/2010 2:13:13 PM
          WhenChangedUTC : 10/5/2010 7:13:16 PM
          WhenCreatedUTC : 10/5/2010 7:13:13 PM
          OrganizationId :

          Comment


          • #6
            Re: Default Role Assignment Policy blown up! Need Help

            This is the error i am getting when im in ECP and select "Select All" under Options.

            Sorry! Access denied

            You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.

            Comment


            • #7
              Exactly the same happened to me: changed some setting in ecp website so users can edit their settings (phone) and now the ecp site is unavailable for all users.
              I have reset the ecp virtual directory en reset iis, no luck
              Does anyone have an answer allready?

              Comment


              • #8
                Found it!
                I probably disabled MyBaseOptions in the Default Role Assignment Policy
                In eventlog application I read event 4:" ...<user> wasn't able to log on as this user because the MyBaseOptions role isn't assigned to the user."
                With EMC I re-enabled this role to the administrator by using: "New-ManagementRoleAssignment -Role MyBaseOptions -User <admin-username>"
                Now the administrator can use ECP again and change the "Default Role Assignment Policy" , Enable "MyBaseOptions"

                Comment

                Working...
                X