Permissions to Manage Unified Messaging Servers

[This is pre-release documentation and subject to change in future releases. This topic's current status is: Editing.]

Applies to: Exchange Server 2010* *Topic Last Modified: 2009-08-11

To perform administrative tasks on a server that's running Microsoft Exchange Server 2010 that has the Unified Messaging (UM) server role installed, you must have the required permissions for the user account that you are logged on with. Administrative tasks can be delegated or assigned to users by using Exchange 2010 administrative roles.

The following table summarizes the minimum permissions that are required to perform administrative tasks on a Unified Messaging server.

Unified Messaging administrator permissions

Task Exchange Organization Administrators Exchange Server Administrators Exchange Recipient Administrators Exchange View-Only Administrators

Get-UMActiveCalls

 

X

 

 

Disable-UMAutoAttendant

X

 

 

 

Enable-UMAutoAttendant

X

 

 

 

Get-UMAutoAttendant

 

 

 

X

New-UMAutoAttendant

X

 

 

 

Remove-UMAutoAttendant

X

 

 

 

Set-UMAutoAttendant

X

 

 

 

Test-UMConnectivity

 

X

 

 

Get-UMDialplan

 

 

 

X

New-UMDialplan

X

 

 

 

Remove-UMDialplan

X

 

 

 

Set-UMDialplan

X

 

 

 

Get-UMHuntGroup

 

 

 

X

New-UMHuntGroup

X

 

 

 

Remove-UMHuntGroup

X

 

 

 

Disable-UMIPGateway

X

 

 

 

Enable-UMIPGateway

X

 

 

 

Get-UMIPGateway

 

 

 

X

New-UMIPGateway

X

 

 

 

Remove-UMIPGateway

X

 

 

 

Set-UMIPGateway

X

 

 

 

Disable-UMMailbox

 

 

X

 

Enable-UMMailbox

 

 

X

 

Get-UMMailbox

 

 

X

 

Set-UMMailbox

 

 

X

 

Get-UMMailboxPIN

 

 

X

 

Set-UMMailboxPIN

 

 

X

 

Get-UMMailboxPolicy

 

 

 

X

New-UMMailboxPolicy

X

 

 

 

Remove-UMMailboxPolicy

X

 

 

 

Set-UMMailboxPolicy

X

 

 

 

Disable-UMServer

 

X

 

 

Enable-UMServer

 

X

 

 

Get-UMServer

 

 

 

X

Set-UMServer

 

X

 

 

Important

Logging on to a computer by using full administrative credentials may pose a security risk to the computer and the network. Therefore, as a security best practice, don't log on to a computer by using full administrative credentials when you want to perform routine administrative tasks. Instead, you can use the Secondary Logon service or the Run as command to start applications or additional commands in a different security context without having to log off the computer. The Run as command prompts you to enter different credentials before the application or command can run. For more information about the Run as command, see Using Run as in Windows Server 2003, Standard Edition online Help.

For More Information

Overview of Permissions