Organization Management

The Organization Management management role group is one of several built-in role groups that make up the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2013. Role groups are assigned one or more management roles that contain the permissions required to perform a given set of tasks. The members of a role group are granted access to the management roles assigned to the role group. For more information about role groups, see Understanding management role groups.

Administrators that are members of the Organization Management role group have administrative access to the entire Exchange 2013 organization and can perform almost any task against any Exchange 2013 object, with some exceptions. By default, members of this role group can’t perform mailbox searches and management of unscoped top-level management roles. For more information, see the “Delegating Only Role Assignments” section later in this topic.

The Organization Management role group is a very powerful role and as such, only users or universal security groups (USGs) that perform organizational-level administrative tasks that can potentially impact the entire Exchange organization should be members of this role group.

This role group is equivalent to the Exchange Organization Administrators role in Exchange Server 2007.

By default, the account that’s used to install Exchange 2013 in the organization is added as a member of the Organization Management role group. This account can then add other members to the role group as needed.

If you want to add or remove members to or from this role group, see Manage role group members.

By default, only members of the Organization Management role group can add or remove members from this role group.

Server management

Administrators who are members of this role group can configure server-specific configuration of transport , client access, and mailbox features such as database copies, certificates, transport queues and Send connectors, virtual directories, and client access protocols. But members don’t have permissions to perform operations that have global impact in the Exchange organization, for example, it can not add User mailbox.


Organization management:

Understanding management role groups: