If you are running Exchange 2013 or Exchange 2016, sometimes admins make changes to groups and after the topology refresh, you login to the EAC and come across the following error when you click on the Organization Management Group and you notice you cannot perform your daily admin tasks:

You can’t copy this role group here You can’t copy this role group here because it contains roles that were assigned using multiple write scopes or exclusive write scopes.

Exchange 2016:- organization management role error
Exchange 2016:- Organization Management Role error 1

You will notice that you cannot manage this group from the Exchange Admin Center (EAC), everything is pretty much greyed out. So what is the steps to fix this?

For starters, if this is a brand new installation of Exchange, you could possibly remove all the Exchange Security groups and then run the PrepareAD command again to recreate them all. That is quite a big step.

The other option you have is to do an export of the Organization Management role info, you can do this by running the following command:

  • Get-ManagementRoleAssignment -RoleAssignee “Organization Management” | export-csv c:\Output\RBAC-OrgMgmnt.csv

If you look at the CustomRecipientWriteScope you will notice what changes have been done, now you can run the following command below to reset it back:

  • Set-ManagementRoleAssignment “GroupInfo” -RecipientRelativeWriteScope Organization

Once you have completed the ones that were changed, you should be able to manage the group again.

Hope it helps.

    wpChatIcon

    Discover more from COLLABORATION PRO

    Subscribe now to keep reading and get access to the full archive.

    Continue reading