Case 1: When a member of domain administrators tries to
open Exchange Management Console, you may receive "The domain\username isn't
assigned to any management roles" message.
Resolution: you may need to add the user to the Organization Management
group. To do that, open Active Directory Users and Computers > Microsoft
Exchange Security Groups. Double-click the Organization Management group and
then select the Members tab. Add the user to the group.
Case 2: When accessing Exchange 2010 Console, you may receive
this message: "You don't have sufficient permissions to view this
Resolution: Add the user to the group as mentioned in Case 1.
Case 3: When you launch the Management PowerShell, you get this
VERBOSE: Connecting to myserver.mydomain.internal
Processing data from remote server failed with the following error
The user "mydomain\administrator" isn't assigned to any management
For more information, see the about_Remote_Troubleshooting Help
Failed to connect to any Exchange Server in the current site.
whoami command confirms the user is a member of the
Exchange Organization Administrators
GPO Creator Owners
Resolution: Quoted from the internet:
There’s an issue where, if setup fails at a specific point, subsequent
attempts to install Exchange 2010 could result in the administrative
management role assignments not being created. If this happens, you will
receive errors saying you don’t have permissions to use the Exchange
Management Console or Shell. If you look at the roles assigned to the
Organization Management role group, you’ll see only roles that begin with
IMPORTANT – If you receive permissions errors when attempting to open the
console or the shell, the most common cause of this is the use of an
application on the Exchange 2010 server that uses credentials other than the
administrative credentials used to install Exchange 2010. To test whether
this is the cause of any permissions problems you’re experiencing, follow the
New-PSSession instructions in the "EMC Permissions Gone" thread to open a
manual shell connection. If you receive the correct permissions using this
manual connection method, you have conflicting credentials in the Windows
credential cache. Clear out those credentials and try again. If this doesn’t
resolve your issue, please continue reading.
To determine whether this issue is the reason you are missing permissions,
perform the following steps on the Exchange 2010 server:
(This procedure requires that you search in specific directions using the
Find feature of your text editor. If your text editor doesn’t have a
direction option with the Find feature, use Notepad)
1. Open the ExchangeSetup.Log file in a text editor. This file is located in
x:\ExchangeSetupLogs where x is the Exchange 2010 installation drive.
2. Search from the top of the file in the down direction for the string
3. You should find a line that starts with the following (note: this line
may indicate a failure, that can be ignored for the purpose of this
If you see BuildToBuildUpgrade on the RoleInstallationMode line, then a
previous installation failure has caused this issue and the steps below
should resolve it. If you see Install in the RoleInstallationMode line, do
not perform the steps below. Your issue may have another cause. Start a new
thread and we’ll help you investigate your issue.
WARNING – The Install-CannedRbacRoleAssignments cmdlet could result in the
loss of role assignment customizations in the Exchange 2010 organization.
This cmdlet should only be run in association with the following procedure
on new installations of Exchange 2010.
IMPORTANT – The following procedure should only be performed if you’re
experiencing this exact issue. Do not run the Install-CannedRbacRoleAssignments
cmdlet or any other Exchange setup cmdlet (available only by using the Add-PSSnapin
cmdlet below) without direction from Microsoft. Doing so could irreparably
damage your Exchange installation.
Do the following on the Exchange 2010 server using the same account used to
install Exchange 2010.
1) Open Windows PowerShell (not the Exchange Management Shell)
a. If you have UAC enabled, right click Windows PowerShell and click Run as
2) Run Start-Transcript c:\RBAC.txt and press enter
a. This will start logging all commands and output you type to a text file.
3) Run Add-PSSnapin *setup and press enter
a. This adds the setup snap-in which contains the setup cmdlets used by
Exchange during install. You may see errors about loading a format data
file. You can ignore those errors.
DO NOT run any other cmdlets in this snap-in without direction from
Microsoft. Doing so could irreparably damage your Exchange installation.
4) Run Install-CannedRbacRoleAssignments -InvocationMode Install -Verbose
and press enter.
a. This cmdlet should create the required role assignments between the role
groups and roles that should have been created during setup.
b. Be sure you run with the Verbose switch so we can capture what the cmdlet
5) Run Remove-PSSnapin *setup and press enter
6) Run $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
http:///PowerShell/ -Authentication Kerberos and press enter
a. Be sure to replace with the FQDN of your server.
7) Run Import-PSSession $Session and press enter
8) Run Get-ManagementRoleAssignment and press enter
9) Run Stop-Transcript and press enter
When you ran the Get-ManagementRoleAssignment cmdlet above, several dozen
assignments should have been shown. If yes, try opening the EMC and see if
you have permissions to do anything, such as create a new mailbox. If yes,
then you’re set. If not, please start a new thread and indicate that you’ve
already performed this procedure. We’ll try and help you investigate your
issue. Save your setup logs and the RBAC.txt file to help with the
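
The log check from steps 1 to 3 of the quoted procedure, as an added PowerShell example (not part of the quoted post and not Microsoft's code). The function name Get-RoleInstallationMode, its -Anchor parameter and the sample log lines are constructed for illustration; the step 2 search string is not given on this page, so SAMPLE-ANCHOR is only a placeholder for it.

```powershell
# Added example. The real ExchangeSetup.log layout may differ from the constructed
# sample, so the pattern relies only on the RoleInstallationMode keyword.
function Get-RoleInstallationMode {
    param(
        [string[]]$Lines,       # log content, one element per line
        [string]$Anchor = ''    # hypothetical: the step 2 search string, if known
    )
    $start = 0
    if ($Anchor) {
        # Step 2: search from the top of the file downward for the anchor string.
        $start = -1
        for ($i = 0; $i -lt $Lines.Count; $i++) {
            if ($Lines[$i].Contains($Anchor)) { $start = $i; break }
        }
        if ($start -lt 0) { return $null }    # anchor not present in this log
    }
    # Step 3: first RoleInstallationMode line at or below the starting point.
    for ($i = $start; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match 'RoleInstallationMode\W+(\w+)') {
            return New-Object PSObject -Property @{
                LineNumber = $i + 1
                Mode       = $Matches[1]
                Text       = $Lines[$i]
            }
        }
    }
    return $null
}

# Constructed sample standing in for x:\ExchangeSetupLogs\ExchangeSetup.Log
$sample = @(
    '[01/01/2010 10:00:00] [0] SAMPLE-ANCHOR setup run begins',
    '[01/01/2010 10:00:05] [0] RoleInstallationMode: ''BuildToBuildUpgrade''',
    '[01/01/2010 10:00:06] [0] Later setup output'
)
$hit = Get-RoleInstallationMode -Lines $sample -Anchor 'SAMPLE-ANCHOR'
switch ($(if ($hit) { $hit.Mode } else { '' })) {
    'BuildToBuildUpgrade' { "Line $($hit.LineNumber): BuildToBuildUpgrade, a previous setup failure; the procedure applies." }
    'Install'             { "Line $($hit.LineNumber): Install, do not run the procedure; look for another cause." }
    default               { 'No usable RoleInstallationMode line found; nothing to conclude.' }
}
```

Against a real log, pass -Lines (Get-Content x:\ExchangeSetupLogs\ExchangeSetup.Log), with x as the installation drive. The check only reads the file, so it can be run before deciding whether Install-CannedRbacRoleAssignments is warranted.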