EXCHANGE RBAC(基于角色的访问控制)管理工具

兼容:

server 2012 r2 (需安装.net framework 3.5)

exchange 2013 sp1 cu15


下载地址:

http://rbac.codeplex.com/


说明:

Customizing RBAC roles is in most cases not something that is a frequent task, so it can take a while to familiarize and re-familiarize with the concept and all cmdlets. But if your organization does not fit in the default roles, you will have to dig into it.

However, I came across a tool that would make customizing a lot easier. It’s the RBAC Manager R2 for Exchange. It’s currently posted on Codeplex, including the source code (it’s in C#). It states that it works with Exchange 2010, Exchange 2013 preview and Office 365. The last update was from September 2011, however I’ve found no issues working with Exchange 2013 CU5. Install it on a domain joined computer with .Net 3.5 and just enter a server FQDN and credentials and it works (in my case).

In the overview all Management Roles are presented, including any custom Role groups. Those with a parent are shown in an hierarchy. Selecting a Role Group, shows every Role Assignment, including scopes. Selecting a Management Role shows all inlcuded cmdlet. Tip: Under View>Show Parameter you can enable all parameters that are included in the Management Role. A lot easier than the PowerShell route I’ve previously blogged about here.

EXCHANGE RBAC(基于角色的访问控制)管理工具

Overview of RBAC Manager R2, showing Management Roles, Role Assignments, included cmdlets and their paramters.

Another helpful feature is the ability to search for specific cmdlets, the tool then shows every Role Group with Management Roles that include that specific cmdlet. Very handy if you need to know which Role Groups provides a certain permission. This makes the tool valuable even if you do not require RBAC customization.

You can remove Management Roles from Role Groups, cmdlets from Management Roles but you can also remove specific parameters (after enabling the view of parameters). Create new Management Roles from a parent Role. I could do everything I needed to do without using the Exchange Management Shell. And the best part? It logs the actual Exchange PowerShell commands in a text log file for reference and documentation. Nice!

It’s not a quick tool but this is just a minor irritation. It helps to provide an overview of the RBAC implementation and allows for quick editing and management of Exchange RBAC. For those that do not frequently work with RBAC and know all cmdlets and procedures by heart, this is a great addition in your tool set. I would love to see this kind of functionality added in EAC BTW.





 本文转自 烟台小崔 51CTO博客,原文链接:http://blog.51cto.com/seawind/1897490
上一篇:Exchange 日常管理七之:客户端访问服务器高可用部署


下一篇:15.24. Logging 日志