Ø When you open the Exchange Management console/Exchange Management Shell on Exchange 2010 Server you may get the Error: “The User Domain.local/Users/Administrator isn’t assigned to any management roles” on Exchange 2010 Management Console.

Ø Below screenshot has the error which will be generated when the Exchange Management Console is opened.


Possible Reasons which may cause this issue:

1. When EMC session was requested by the User Client-Side RunSpace request ServerSide RunSpace where the IIS+RBAC Stack authorization will be taken care of. While this process, The user requesting for the Exchange Management Console Session or Shell Session is identified to miss RBAC Roles that are to be there.

2. While in environment’s coexistent with Exchange 2010 & Exchange 2003 Servers Coexist, the above symptom may appear in case if there is Inheritance Block for the user who get above message on EMC. To check whether if there is inheritance block or not; Run EXBPA Health check and that should give the information about the block and also how to go about correcting the Inheritance Block Issue!

3. While the process of Installation; Setup.com /prepareAD creates the Exchange Security Groups which will be located under the “Microsoft Exchange Security Groups” Container. There are instances where these groups may be duplicated with 1 added as suffix for example: “Exchange Servers1”.

Ø Ideally, “Exchange Servers1” and other group with Suffix ‘1’ to their name would be the active groups. But, unknowingly by mistake if the “Exchange Servers1” are deleted then the OtherWellKnownObjects on the “Microsoft Exchange” container on the ADSIEDITmay be tampered. As a result, RBAC permissions will be broken due to which Exchange Management console/Exchange Management Shell will generate the above message!

Reasons specified are the possible reasons which will cause the EMC/EMS to fail with Error message displayed as above!

Ø If we are not able to identify the route cause and the possible reason, then we may try to propagate the RBAC permissions for the user again! procedure is as below:

1. Open Windows Powershell as “Run As Administrator”

2. Load the setup Snapin with the command: Add-Pssnapin *Setup*

3. Run the commands one after the other to propagate the RBAC to the user who is logged on to the Exchange Server.

a. Install-CannedRbacRoleAssignments –InvocationMode Install

b. Install-CannedRbacRoles

c. Install-CannedRbackRoleAssignmentsRAP

d. Install-CannedAddressLists

Now, Close & Launch Exchange Management Console/Shell and hopefully this should have resolved the issue!

Hope this Helps! Also, in case if you have any information that you would like to add please leave a comment!