I had a customer who needed re-created the default Exchange Groups under the "Microsoft Exchange Security Groups" organisational unit. This was done as someone had moved these groups to another location (not supported) and the support engineer was unable to move the groups back to the original location due to an error.
Moving the default groups results in you being unable to:
- Install new Exchange Servers into the organisation
- Perform Cumulative Updates
- Perform Recover Server installations
The server is fully functional, however administrators are unable to administer Exchange.
The only way we were able to access Exchange with administration access was to add the Exchange Snap-in from an administrative PowerShell.
To re-store the default Role Based Access Control objects to factory install, use the following commands from an administrative command prompt.
Install-CannedRbacRoleAssignments –InvocationMode Install –Verbose