Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Add-ADPermission and Remove-ADPermission can be run outside the management scope in Exchange Server 2013

Add-ADPermission and Remove-ADPermission can be run outside the management scope in Exchange Server 2013

View products that this article applies to.

Symptoms

Assume that you create a role assignment policy for the Active Directory permissions role with a scope that limits permissions of the cmdlets to the organizational unit that is specified in Microsoft Exchange Server 2013. The Add-ADPermission and Remove-ADPermission cmdlets can be run against any user object unexpectedly, even if the user object is outside the management scope. 

Note The Add-ADPermission and Remove-ADPermission cmdlets can check whether the user who is being updated is within the management scope for the account that is running the cmdlet.

↑ Back to the top

Resolution

To resolve this issue, install Cumulative Update 7 for Exchange Server 2013.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about the Add-ADPermission cmdlet, see the general information about Add-ADPermission.

For more information about the Remove-ADPermission cmdlet, see the general information about Remove-ADPermission.

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2988553
Revision : 1
Created on : 1/7/2017
Published on : 12/9/2014
Exists online : False
Views : 423