Minimal Message Tracking Admin Role

  1. # PS Module
  2. Connect-ExchangeOnline
  3.  
  4. # Variables
  5. $RoleGroup = "Custom Message Tracking Admin Group"
  6. $RoleName = "Minimal Message Tracking Admin Role"
  7. $Administrators = "fk@fikas.eu","jk@fikas.eu"
  8.  
  9. # Custom Role Creation
  10. New-ManagementRole -Name $RoleName  -Description "Allows using Get-MessageTrace and Get-MessageTraceDetail cmdltes only" -Parent "View-Only Recipients"
  11. $RoleEntries = (Get-ManagementRole $RoleName).RoleEntries
  12. $UnneededCmdlets = @()
  13. foreach($RoleEntry in $RoleEntries){$UnneededCmdlets += $($RoleEntry.split(" "))|where-object{$_ -like "*-*" -and $_ -notlike "-*"}}
  14. $UnneededCmdlets = $UnneededCmdlets|where-object{$_ -notlike "Get-MessageTraceDetail" -and $_ -notlike "Get-MessageTrace"}
  15. foreach($UnneededCmdlet in $UnneededCmdlets){Remove-ManagementRoleEntry "$RoleName\$UnneededCmdlet" -Confirm:$false}
  16. New-RoleGroup -Name $RoleGroup -Roles $RoleName
  17.  
  18. # Role Assignment
  19. Update-RoleGroupMember -Identity $RoleGroup -Members $Administrators -Confirm:$false