There might be a requirement to delegate the management of contacts for all the staffs especially for the HR team.Since the staffs position title change, phone numbers, city, extension , address change will happen randomly for all the staffs.
Its better to delegate this task alone to the HR team member so that the help desk calls for changing these information will be reduced. Also there is no need to wait for a period of time to make these changes from the help desk team.
Basically we can create a custom RBAC role and assign this to a HR staff who would be able to manage this task through ECP .
Create a new management role :
New-ManagementRole -Parent “Mail Recipients” -Name “Contact Management”
Now we need to create a new role group
Create a new role group :
New-RoleGroup –Name “Contact Editor” –Roles “Contact Management”
Remove all of the unwanted cmdlets from our newly created role, since we need to give the bare minimum permission of modifying only the contacts.
Get-managementRoleEntry “Contact Management\*” | where { $_.Name –ne “Set-User”} | Remove-ManagementRoleEntry
Add only the required entries for the new role
Set-ManagementRoleEntry “Contact Management\Set-User” -Parameters “Phone,city,phone,fax,mobilephone,department,title,street address”
New-ManagementRoleAssignment -Role Contact Management -User TestITHRAdmin 
Run the below command to check and ensure that only set-user editor rights are assigned Get-managementRoleEntry “Contact Management\*” 
When this RBAC role person can login through ECP and he would be able to manage only the AD contacts
Thanks
Sathish Veerapandian
MVP – Exchange Server
Tej Pratap
Ewald Hollestelle
Sathish Veerapandian
Leave a Reply