Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

How to enforce office 365 custom "role assignment policy" applied default to all new emails to be created?

I have created a RoleAssignmentPolicy called "DisabledForwardingRoleAssignmentPolicy" via Exchange admin center --permissions-- user roles .

enter image description here

I would like to apply "DisabledForwardingRoleAssignmentPolicy" default to all new emails accounts to be created.

In gui of Exchange admin center, there seems to be no way to do this. So I did this by longing to office 365 in powershell.

The command successfully executed. and when I verify it via Get-RoleAssignmentPolicy it says DisabledForwardingRoleAssignmentPolicy is default .

But when I create a new email and when i go to recipients --mailboxes-- select user and mailbox features--- Role assignment policy , still the default policy is applied.

enter image description here

I have to change it manually to DisabledForwardingRoleAssignmentPolicy

What I'm missing here? Please shade a light.

  • email-server
  • microsoft-office

user879's user avatar

You need to run "Set-MailboxPlan" cmdlet to change the default role assignment policy to the customize one.

First, run "get-mailboxplan" to confirm which plan your license is used, as below:

Then, run "Set-MailboxPlan" to change the RoleAssignmentPolciy to the customize one:

enter image description here

  • You are truly a great resource to serverfault. thanks a lot for your time testing it before posting. I was googling and no correct path was found. It worked. –  user879 Commented May 30, 2018 at 5:21

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged email exchange email-server microsoft-office mailbox ..

  • The Overflow Blog
  • Scaling systems to manage all the metadata ABOUT the data
  • Navigating cities of code with Norris Numbers
  • Featured on Meta
  • We've made changes to our Terms of Service & Privacy Policy - July 2024
  • Bringing clarity to status tag usage on meta sites

Hot Network Questions

  • What's wrong with my app authentication scheme?
  • A short story where a space pilot has a device that sends the ship back in time just before losing a space battle. He is duplicated by accident
  • How to satisfy the invitation letter requirement for Spain when the final destination is not Spain
  • Can I use "Member, IEEE" as my affiliation for publishing papers?
  • Terminal autocomplete (tab) not completing when changing directory up one level (cd ../)
  • What was the reason for not personifying God's spirit in NABRE's translation of John 14:17?
  • How to cite a book if only its chapters have DOIs?
  • What makes a new chain suck other than a worn cassette?
  • Do "Whenever X becomes the target of a spell" abilities get triggered by counterspell?
  • Whats the purpose of slots in wings?
  • Is there a "simplest" way to embed a graph in 3-space?
  • Ways to paint a backbone on a tree
  • Who became an oligarch after the collapse of the USSR
  • Did I damage my engine?
  • Stargate "instructional" videos
  • Where exactly was this picture taken?
  • Why does the definition of a braided monoidal category not mention the braid equation?
  • An interesting example of Horizontal and Vertical Lines in TIKZ?
  • Why is Bangladesh considered significantly more corrupt than India and Pakistan by the World Bank/Brookings WGI?
  • Prove that there's a consecutive sequence of days during which I took exactly 11 pills
  • Will the US Customs be suspicious of my luggage if i bought a lot of the same item?
  • Guitar amplifier placement for live band
  • Enigmatic Puzzle 4: Three Leaf Clover
  • Trace operation as contraction - how can we contract only contravariant indices?

exchange online change default role assignment policy

ENow Software

Back to Blog

Issue with assigning exchange 2010 role-assignment policies.

Image of Theresa Miller

Theresa Miller

Exchange 2010

Have you ever needed to change your Default Role Assignment Policy in Exchange 2010 through Exchange Management Shell? An example of when you might want to do this is to prevent users from creating organizationally visible distribution lists through Outlook Web App. Recently I realized that there may be a problem with the Set-RoleAssignmentPolicy command that can be used to set your users default role assignment policy. Here is what was experienced.

Set Exchange users to the Default Role Assignment Policy

As you can see by double-clicking on the image below the following powershell command was run and indicated that all users were set with the Default Role Assignment Policy.  

Set-RoleAssignmentPolicy "Default Role Assignment Policy" –IsDefault

TM12.31.13.1

My next step was to remove my unused role assignment policy through Exchange Management Shell. 

Remove-RoleAssignmentPolicy “Policy Name Here”

TM12.31.2013 resized 600

After executing the command; which you can see by clicking on the photo above, there are users still using the policy?  What?  The first command run above had applied the default policy to everyone.

Recommendation

Run the following PowerShell command to see which users still have the old role assignment policy before attempting to remove the unused policy.  You may want to run this command to validate that your Role Management Policies are also applied as expected.

Get-Mailbox –resultsize unlimited | where {$_RoleassignmentPolicy –Eq “Policy Name Here”}

Use ADSIEDIT to resolve the issue with the users that have the incorrect Role Assignment Policy.  This can be downloaded and installed from the following location.   Download   Note that you will need Domain Administrator rights to Active Directory to do the next steps.

  • Open ADSIEDIT and Connect to the Default Naming Context for your domain.
  • Click into the structure to find the user with the incorrect role assignment policy.
  • Right-click on the user and choose properties.
  • Find the following attribute msExchRBACPolicyLink and set the path to the correct policy.  You may want to copy the full value from another user that is correctly set.
  • Click Ok to apply the change.

TM12.31.3 resized 600

Once this is complete the unused policy can be removed through Exchange Management Shell with the following command.

Remove-RoleAssignmentPolicy "Policy Name Here"

So, when using the Set-RoleAssignment Exchange Management Shell Command be sure to double-check your work as this article describes to ensure that your Role-Assignment Policies are accurately set across all of the users in your organization.

Image of Theresa Miller

Theresa is a Sr. Technical Systems Administrator and has been working as a technical expert in IT for over 18 years. Theresa has her MCSE, CCA and EPIC ECSM certifications. Her areas of expertise are in the areas of Exchange, Active Directory, Lync, SharePoint and Citrix XenApp. She has architected, designed, implemented and led complex projects in all of these areas. She also is a public speaker, speaking at events such as Briforum 2013 and upcoming will be at E2E Virtulization conference in May 2014.

Related Posts

Neon lightning bolt listing image

How to Tackle Exchange 2010 Backup and Recovery

Image of Theresa Miller

As an Exchange administrator, backup and recovery of your databases is an important aspect of your...

Exchange 2010 Attributes

How to Add an Exchange 2010 Custom Attribute using PowerShell

Every mailbox object in Exchange has a series of fields called custom attributes. These can be...

exchange online change default role assignment policy

exchange online change default role assignment policy

personal info update on office365

is it possible to give user to update their personal info in office 365? i have 150 users to have this facility.

many thanks

If you go into Exchange Admin > permissions > user roles > edit Default Role Assignment Policy > ensure MyContactInformation and MyProfileInformation are both checked.

This right here. I have advised several organizations about this exact thing.

Yes, first you need to enable the permission for end users to update the information:

In the Role Assignment Policy window, under Contact Policy , make sure that the MyContactInformation and the MyProfileInformation check boxes are selected.

How to update contact information

  • Sign in to Outlook Web App.
  • Click Settings , and then click Options .
  • In the left navigation pane, click Account , and then click Edit Information .
  • Make the changes that you want, and then click Save .

Just checking in to see if above information was helpful.

If the issue has been resolved, please mark the helpful replies as answers.

Related Topics

Topic Replies Views Activity
Cloud Computing & SaaS 3 113 September 1, 2015
Cloud Computing & SaaS 3 873 October 3, 2019
Cloud Computing & SaaS ,  ,  3 109 January 9, 2019
Cloud Computing & SaaS 4 254 May 27, 2016
General ,  ,  1 215 March 13, 2024

exchange online change default role assignment policy

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Manage role assignment policies

  • 6 contributors

Applies to: Exchange Server 2013

If you want to customize the permissions that you assign to a group of end users, create a new custom management role assignment policy. The assignment policy you create can be customized to suit your end user's specific requirements. For more information about assignment policies in Microsoft Exchange Server 2013, see Understanding management role assignment policies .

Looking for other management tasks related to managing permissions? Check out Permissions .

What do you need to know before you begin?

Estimated time to complete each procedure: 5 minutes

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Assignment policies" entry in the Role management permissions topic.

For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center .

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server .

Add an assignment policy

After you've created the new assignment policy, you assign users to it. For more information, see Change the assignment policy on a mailbox .

Use the EAC to create a new assignment policy

You can only create explicit assignment policies using the Exchange admin center (EAC). If you want to create a new default assignment policy, you must use the Exchange Management Shell. For more information, see the "Use the Shell to create a default assignment policy" section later in this topic.

In the role assignment policy window, provide a name for the new assignment policy.

Select the check box next to the role or roles you want to add to the assignment policy. You can select multiple roles, including end-user roles you've added. If you select a role that has child roles, the child roles are automatically selected.

Click Save to save the changes to the assignment policy.

Use the Shell to create an explicit assignment policy

To create an explicit assignment policy that can be manually assigned to mailboxes, use the following syntax.

This example creates the explicit assignment policy Limited Mailbox Configuration and assigns the MyBaseOptions , MyAddressInformation , and MyDisplayName roles to it.

For detailed syntax and parameter information, see New-RoleAssignmentPolicy .

Use the Shell to create a default assignment policy

To create a default assignment policy assigned to new mailboxes, use the following syntax.

This example creates the default assignment policy Limited Mailbox Configuration and assigns the MyBaseOptions , MyAddressInformation , and MyDisplayName roles to it.

Remove an assignment policy

If you no longer need a management role assignment policy, you can remove it.

All users assigned the assignment policy must be changed to another assignment policy. For more information about how to change an assignment policy on a mailbox, see Change the assignment policy on a mailbox .

All the management role assignments between the assignment policy and the assigned management roles must be removed. For more information about how to remove a role assignment from an assignment policy, see the Use the Shell to remove a role from an assignment policy section later in this topic.

If you want to remove a default assignment policy, it must be the last assignment policy in the Exchange 2013 organization.

Use the EAC to remove an assignment policy

In the EAC, navigate to Permissions > User Roles .

Use the Shell to remove an assignment policy

To remove an assignment policy, use the following syntax.

This example removes the New York Temporary Users assignment policy.

For detailed syntax and parameter information, see Remove-RoleAssignmentPolicy .

View a list of assignment policies or assignment policy details

You can view management role assignment policies in a variety of ways, depending on the information you want and whether you're using the EAC or the Shell.

In the EAC, you can view the list of assignment policies and the roles assigned to them. In the Shell, you can view all the assignment policies in your organization, list the mailboxes assigned a specific policy, and more.

Use the EAC to view a list of assignment policies

In the EAC, navigate to Permissions > User Roles . All of the assignment policies in the organization are listed here.

To view the details of a specific assignment policy, select the assignment policy you want to view. The description and the roles assigned to the assignment policy are displayed in the details pane.

Use the Shell to view a list of assignment policies

You can view a list of all the assignment policies in your organization by not specifying any assignment policies when you run the Get-RoleAssignmentPolicy cmdlet.

This procedure makes use of pipelining and the Format-Table cmdlet. For more information about these concepts, see the following topics:

about_Pipelines

Working with command output

To return a list of all assignment policies in your organization, use the following command.

To return a list of specific properties for all the assignment policies in your organization, you can pipe the results to the Format-Table cmdlet and specify the properties you want in the list of results. Use the following syntax.

This example returns a list of all the assignment policies in your organization and includes the Name and IsDefault properties.

For detailed syntax and parameter information, see Get-Mailbox or Get-RoleAssignmentPolicy .

Use the Shell to view the details of a single assignment policy

You can view the details of a specific assignment policy by using the Get-RoleAssignmentPolicy cmdlet and piping the output to the Format-List cmdlet.

This procedure makes use of pipelining and the Format-List cmdlet. For more information about these concepts, see the following topics:

To view the details of a specific assignment policy, use the following syntax.

This example views the details about the Redmond Users - no Text Messaging assignment policy.

Use the Shell to find the default assignment policy

You can find the default assignment policy by piping the output of the Get-RoleAssignmentPolicy cmdlet to the Where cmdlet. With the Where cmdlet, filter the data returned to display only the assignment policy that has its IsDefault property set to $True .

This procedure makes use of pipelining and the Where cmdlet. For more information about these concepts, see the following topics:

This example returns the default assignment policy.

Use the Shell to view mailboxes that are assigned a specific policy

You can find all the mailboxes assigned a specific assignment policy by piping the output of the Get-Mailbox cmdlet to the Where cmdlet. With the Where cmdlet, filter the data returned to display only the mailboxes that have their RoleAssignmentPolicy property set to the assignment policy name you specify.

Use the following syntax.

This example finds all the mailboxes assigned the policy Vancouver End Users.

Change the default assignment policy

You can change the management role assignment policy assigned to new mailboxes that are created. Changing the default role assignment policy doesn't change the assignment policy assigned to existing mailboxes. To change the assignment policy assigned to existing mailboxes, see Change the assignment policy on a mailbox .

You can't use the EAC to change the default assignment policy. You need to use the Shell.

Use the Shell to change the default assignment policy

To change the default assignment policy, use the following syntax.

This example sets the Vancouver End Users assignment policy as the default assignment policy.

New mailboxes are assigned the default assignment policy even if the policy hasn't been assigned management roles. Mailboxes assigned assignment policies with no assigned management roles can't access any mailbox configuration features in Microsoft Outlook Web App.

For detailed syntax and parameter information, see Set-RoleAssignmentPolicy .

Add a role to an assignment policy

Use the eac to add a role to an assignment policy, use the shell to add a role to an assignment policy.

To create a management role assignment between a role and an assignment policy, use the following syntax.

This example creates the role assignment Seattle Users - Voicemail between the MyVoicemail role and the Seattle Users assignment policy.

For detailed syntax and parameter information, see New-ManagementRoleAssignment .

Remove a role from an assignment policy

If you don't want end users to have permissions to manage certain features of their mailbox or distribution group, you can remove the management role that grants the permissions from the management role assignment policy to which the user is assigned. If other users are assigned the same assignment policy, they also lose the ability to manage that feature.

Use the EAC to remove a role from an assignment policy

Clear the check box next to the role or roles you want to remove from the assignment policy. If you clear the check box for a role that has child roles, the check boxes for the child roles are also cleared.

Use the Shell to remove a role from an assignment policy

You can remove roles from assignment policies by retrieving the associated management role assignment using the Get-ManagementRoleAssignment cmdlet and then piping the role assignment returned to the Remove-ManagementRoleAssignment cmdlet.

For more information about regular and delegating role assignments, see Understanding management role assignments .

This procedure uses pipelining. For more information about pipelining, see about_Pipelines .

To remove a role from an assignment policy, use the following syntax.

This example removes the MyVoicemail management role, which enables users to manage their voice mail options, from the Seattle Users assignment policy.

For detailed syntax and parameter information, see Remove-ManagementRoleAssignment .

Additional resources

IMAGES

  1. Exchange Server permissions, permissions Exchange Server, Exchange

    exchange online change default role assignment policy

  2. Working with role assignment policies in Exchange Server 2016

    exchange online change default role assignment policy

  3. Working with role assignment policies in Exchange Server 2016

    exchange online change default role assignment policy

  4. Share your Knowledge: Exchange Permissions

    exchange online change default role assignment policy

  5. 55. Create and Manage User Role Assignment Policy in Exchange 2019

    exchange online change default role assignment policy

  6. Working with role assignment policies in Exchange Server 2016

    exchange online change default role assignment policy

COMMENTS

  1. Role assignment policies in Exchange Online

    Use the EAC to create role assignment policies. In the EAC, go to Roles > Admin roles and then click Add role group. In the Add role group window, click Set up the basics section, configure the following settings and click Next: Name: Enter a unique name for the role group.

  2. Manage role assignment policies

    For detailed syntax and parameter information, see Set-RoleAssignmentPolicy.. Add a role to an assignment policy Use the EAC to add a role to an assignment policy. In the EAC, navigate to Permissions > User Roles.. Select the assignment policy you want to add one or more roles to, and then click Edit.. Select the check box next to the role or roles you want to add to the assignment policy.

  3. Set-RoleAssignmentPolicy (ExchangePowerShell)

    Description. You can use the Set-RoleAssignmentPolicy cmdlet to change the name of an assignment policy or to set the assignment policy as the default assignment policy. For more information about assignment policies, see Understanding management role assignment policies. You need to be assigned permissions before you can run this cmdlet.

  4. Exchange Online: Default Role Assignment Policy

    Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" | Format-Table Name,Role -Auto. And run the below CMD to remove the role. Remove-ManagementRoleAssignment -Identity "MyBaseOptions-DisableForwarding-Default Role Assignment Policy". Then compare your snipping tool and results from after removing the role.

  5. Allowing user to edit their profile

    Yes, that is where I tried. The user is assigned with the "Default Role Assignment Policy". And the role by default comes with profile updating right. But OWA still indicates no such permission to update profile.

  6. exchange

    You need to run "Set-MailboxPlan" cmdlet to change the default role assignment policy to the customize one. First, run "get-mailboxplan" to confirm which plan your license is used, as below: Get-MailboxPlan |fl identity,RoleAssignmentPolicy Then, run "Set-MailboxPlan" to change the RoleAssignmentPolciy to the customize one:

  7. Office 365

    The "Default Role Assignment Policy" is assigned to every mailbox and " grants end users the permission to set their options in Outlook on the web and perform other self-administration tasks ". You'll find the policy in the Exchange Admin Center under "Permissions" and "User Roles".

  8. Troubleshooting RBAC configuration issues in Exchange Online

    Now let's check the Role Assignments for these roles: The figure above shows the expected output; unless you have custom RBAC configured or you have customized the Exchange default management role groups, you need to pay attention to the value RoleAssignmentDelegationType, which could be Regular or DelegatingOrgWide.

  9. How to set the default role assignment policy?

    If so, it will be the default policy automatically after saving your settings. If you want to replace the built-in default role assignment policy with your own default role assignment policy, you can use the Set-RoleAssignmentPolicy cmdlet to select a new default. When you do this, any new mailboxes are assigned the role assignment policy you ...

  10. Enable-OrganizationCustomization cmdlet failed

    To replace the built-in default role assignment policy with your own default role assignment policy, you can use the Set-RoleAssignmentPolicy cmdlet to select a new default. When you do this, any new mailboxes are assigned the role assignment policy you specified by default if you don't explicitly specify a role assignment policy. More ...

  11. Allow O365 users to change their own contact information

    By the way, please double check if you assigned the default policy to your users ( Concerned that you may change it before ) You can check it via Recipients > Mailbox > Click a user to open the settings > Mailbox features > Role assignment policy. Please note, the changes you did in the EAC may need some time to take effect, please wait for ...

  12. New-RoleAssignmentPolicy (ExchangePowerShell)

    New mailboxes or mailboxes moved from previous versions of Exchange are assigned the default assignment policy when an explicit assignment policy isn't provided. Setting an assignment policy as default doesn't change the role assignment on existing mailboxes. To change the assignment policies on existing mailboxes, use the Set-Mailbox cmdlet.

  13. Multiple default role assignment policies

    Hi, wonder if anyone can help. I have a user with 3 'default role assignment policies' set in Office365 under the Exchange admin section (permissions > user roles). There should only be one such policy. This is causing a problem when I setup new users with a mailbox - I see the message below and their mailbox setup never completes. I can't work out how to remove the 2 other policies (we ...

  14. Need PowerShell command to get role assignment policy for all mailboxes

    1.What role assignment policy is assigned to all our mailboxes in Office 365. "Default Role Assignment Policy" is assigned to existing and new mailboxes that aren't explicitly assigned a specific role assignment policy when they're created. The policy contains 13 roles for "commonly used permissions" as defined by Microsoft.

  15. Permissions in Exchange Online

    For more information, see Role assignment policies in Exchange Online. Role names that start or end with 'Application' are part of RBAC for Applications in Exchange Online. For more information, see Role Based Access Control for Applications in Exchange Online.

  16. Add or remove roles from a role assignment policy

    Step 1: Sign in to Office 365 admin center. Step 2: Navigate to the Exchange admin center. Step 3: Go to Permissions > User roles, select the role assignment policy, and then click Edit. Step 4: Select the check box next to the role. Step 5: Click Save.

  17. Issue With Assigning Exchange 2010 Role-Assignment Policies

    Click into the structure to find the user with the incorrect role assignment policy. Right-click on the user and choose properties. Find the following attribute msExchRBACPolicyLink and set the path to the correct policy. You may want to copy the full value from another user that is correctly set. Click Ok to apply the change.

  18. User

    User - role assignment policy. Hi, We have requirement create new role assignment policy with role "my readwritemailbox" and assign to specific set of users. below is the screen shot of MY LAB config, since the implicit recipient read/write scope is organization ( Not Self ) and isenduserrole set to false. this permission is not applying to the ...

  19. O365 Default Role Assignment Policy

    The MyDistributionGroups and MyDistributionGroupMembership in the user role assignment policy will not affect the contact groups or distribution lists end users created in their own contact lists. They will applies to the Office 365 groups and the distribution groups that admins created in Office 365 EAC ( Exchange Admin Center ). Regards,

  20. personal info update on office365

    In the Role Assignment Policy window, under Contact Policy, make sure that the MyContactInformation and the MyProfileInformation check boxes are selected. How to update contact information. Sign in to Outlook Web App. Click Settings, and then click Options. In the left navigation pane, click Account, and then click Edit Information.

  21. Sign in to your account

    Can't access your account? Terms of use Privacy & cookies... Privacy & cookies...

  22. Get-RoleAssignmentPolicy (ExchangePowerShell)

    For more information about assignment policies, see Understanding management role assignment policies. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter ...

  23. Manage role assignment policies: Exchange 2013 Help

    In the EAC, navigate to Permissions > User Roles and then click Add . In the role assignment policy window, provide a name for the new assignment policy. Select the check box next to the role or roles you want to add to the assignment policy. You can select multiple roles, including end-user roles you've added.

  24. Exchange online users unable to change personal info

    Exchange online users unable to change personal info I have double checked that the default role assignment policy (All users have the default role assignment policy.) is set correctly to allow users to update their contact info, profile info, etc... however the users can't do any of this. ...