There might be a requirement to delegate the management of contacts for all the staffs especially for the HR team.Since the staffs position title change, phone numbers, city, extension , address change will happen randomly for all the staffs.

Its better to delegate this task alone to the HR team member so that the help desk calls for changing these information will be reduced. Also there is no need to wait for a period of time to make these changes from the help desk team.

Basically we can create a custom RBAC role and assign this to a HR staff who would be able to manage this task through ECP .

Create a new management role :

New-ManagementRole -Parent “Mail Recipients” -Name “Contact Management”

Now we need to create a new role group

Create a new role group :

New-RoleGroup –Name “Contact Editor” –Roles “Contact Management”

Remove all of the unwanted cmdlets from our newly created  role, since we need to give the bare minimum permission of modifying only  the contacts.

Get-managementRoleEntry “Contact Management\*” | where { $_.Name –ne “Set-User”} | Remove-ManagementRoleEntry

Add only the required entries for the new role

Set-ManagementRoleEntry “Contact Management\Set-User” -Parameters “Phone,city,phone,fax,mobilephone,department,title,street address”

New-ManagementRoleAssignment -Role Contact Management -User TestITHRAdmin

Run the below command to check and ensure that only set-user  editor rights are assigned Get-managementRoleEntry “Contact Management\*”

When this RBAC role  person can login through ECP  and he would be able to manage only the AD contacts

Thanks 

Sathish Veerapandian

MVP – Exchange Server