Find OUT Who Has Access To Mailbox Import Export Role

Share & Comment

I got an email from an Exchange admin asking me a way to find who has the rights to export & import mailbox data from/to PSTs. The answer is a quick one-liner in the Exchange Shell.

We know that the “Mailbox Import Export” role is not assigned to anyone by default, even to the Org Management group. We can assign a user/group the permission by running the following command in Exchange Shell.

New-ManagementRoleAssignment –Role “Mailbox Import Export” –User “username” or

New-ManagementRoleAssignment –Role “Mailbox Import Export” –SecurityGroup “group name”

Assign mailbox import export role

But, how will we find who has the rights currently? Run the following in the Shell to find out.

Get-ManagamentRoleAssignment –Role “Mailbox Import Export” | fl RoleAssigneeName

Find who has access to mailbox import export

The reason why Organization Management comes up, even though I haven’t explicitly given the rights (which I can), is because of the fact that members of the Organization Management group can delegate the “Mailbox Import Export” role to either themselves or others. It will become clear if you add the RoleAssignmentDelegationType parameter in the output.

Org Mgmt in mailbox import export role

Share & Comment
Subscribe for Updates
Never miss a blog post again
About the author: Exchange Architect, Blogger, Husband & Dad. I have been in IT for the last 11 years, with Exchange Server becoming the prime area in the last few years. I am active on TechNet forums & Experts Exchange.

6 comments… add one

  1. Good stuff. As always very clear instructions – well done Rajith

    1. Rajith Enchiparambil

      Thanks Jonas.

  2. chw

    typo: Get-ManagAmentRoleAssignment

    1. Rajith Enchiparambil

      Thanks Chw.

  3. Hi Rajith.. Back again ;)

    A quick question – I thought the members of the “Organization Management” weren’t allowed to use the commands and that one (or a group one was a member of) explicitly had to be added (as Regular) in order to for example run new-mailboxexportrequest..

    Can you clarify?
    Has this maybe changed in Ex2010 SP2?


    1. HI Jonas,

      It could be that I gave Org management the rights for export/import much earlier.
      I dont think it has changed in SP2.


Leave a Comment