Procedure:

Find the modules/processes relevant to your environment in the table, then apply the entries from the "Required Role / Rights" column to the configuration in the corresponding admin center.

For ExchangeOnlineManagement:

In the Exchange Admin Center under "Admin Roles" → "Roles" (https://admin.exchange.microsoft.com/#/adminRoles), create a new "Role Group", add the roles to it, and assign the newly created Role Group:

  • With Basic Auth (attention: deprecated since October 1, 2022): to the user whose credentials are stored in stanocPowerHelper.ps1.

For the combination of Modern Auth and App, the app must be assigned the "Exchange Administrator" role in Azure AD; no more granular solution is currently available there.

For AzureAD:

In the Azure AD Admin Center under "App Registrations" (https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), open the stanocPowerHelper app and, under "API Permissions", find and add the API permissions ("Microsoft Graph API", "Application").

Note on coloring:

Green: ExchangeOnlineManagement (roles)

Yellow: AzureAD (MS Graph API rights)

Blue: local Active Directory

| Module | Process | PowerHelper commands used | PowerShell cmdlets used | Required Role / Rights | Comments |
| --- | --- | --- | --- | --- | --- |
| AC | Read foreign address book | ReadAllMailBoxproperties, ReadAllGroups, ReadUsers (Azure AD / AD), ReadGroups (Azure AD) | Get-EXOMailbox, Get-Mailbox, Get-RemoteMailbox, Get-CalendarProcessing, Get-MailboxCalendarConfiguration, Get-Group, Get-AzureADUser, Get-ADUser, Get-AzureADGroup | View-Only Recipients, User.Read.All, Directory.Read.All | |
| SWAP! | Check Exchange accounts | ReadAllMailBoxproperties, ReadAllGroups | Get-EXOMailbox, Get-Mailbox, Get-RemoteMailbox, Get-CalendarProcessing, Get-MailboxCalendarConfiguration | View-Only Recipients | |
| SWAP! | Check Exchange forwardings | ReadMailForward | Get-Mailbox | View-Only Recipients | |
| SWAP! | Check access rights to Exchange mailboxes | GetMailboxPermission | Get-EXOMailboxPermission, Get-MailboxPermission | View-Only Recipients | |
| SWAP! | Action "Check account" | ReadMailBoxProperties, ReadOneGroup | Get-Mailbox, Get-EXOMailbox, Get-Group | View-Only Recipients | |
| SWAP! | Action "Set mail addresses/forwardings" | DisableMailForward, ConfigureMailForward | Set-Mailbox | Mail Recipients | |
| SWAP! | Action "Create mailbox" | CreateMailbox | New-Mailbox, New-RemoteMailbox | Mail Recipient Creation | |
| SWAP! | Action "Create mail distribution group" | CreateGroup | New-DistributionGroup | Security Group Creation and Membership | |
| SWAP! | Action "Create security group" | CreateGroup | New-DistributionGroup | Security Group Creation and Membership | |
| SWAP! | Action "Create Microsoft 365 group" | CreateGroup | New-UnifiedGroup | Mail Recipients | |
| SWAP! | Action "Create equipment" | CreateResource | New-Mailbox, New-RemoteMailbox, Set-CalendarProcessing, Set-MailboxCalendarConfiguration | Mail Recipient Creation, Mail Recipients | |
| SWAP! | Action "Create room" | CreateResource | New-Mailbox, New-RemoteMailbox, Set-CalendarProcessing, Set-MailboxCalendarConfiguration | Mail Recipient Creation, Mail Recipients | |
| SWAP! | Action "Transfer Domino group members to Exchange group members" | AddGroupMembers | Add-DistributionGroupMember, Add-UnifiedGroupLinks | Distribution Groups, Mail Recipients | |
| SWAP! | Action "Set Domino mail address(es) as Exchange alias(es)" | SetMailAlias (AD), AddMailAddress | Set-ADUser, Get-ADUser, Set-Mailbox | Mail Recipients | |
| SWAP! | Action "Transfer Domino access to Exchange mailbox" | AddMailboxPermission, RemoveMailboxPermission | Add-RecipientPermission, Add-MailboxPermission, Remove-MailboxPermission | Mail Recipients | |
| SWAP! | Exchange - Create mail distribution group | CreateGroup | New-DistributionGroup | Security Group Creation and Membership | |
| SWAP! | Exchange - Create security group | CreateGroup | New-DistributionGroup | Security Group Creation and Membership | |
| SWAP! | Exchange - Create Microsoft 365 group | CreateGroup | New-UnifiedGroup | Mail Recipients | |
| SWAP! | Exchange - Transfer Domino group members to Exchange group members | AddGroupMembers | Add-DistributionGroupMember, Add-UnifiedGroupLinks | Distribution Groups, Mail Recipients | |
| SWAP! | Exchange - Transfer Domino accesses to Exchange user mailbox | AddMailboxPermission, RemoveMailboxPermission | Add-RecipientPermission, Add-MailboxPermission, Remove-MailboxPermission | Mail Recipients | |
| SWAP! | Exchange - Transfer Domino accesses to Exchange shared mailbox | AddMailboxPermission, RemoveMailboxPermission | Add-RecipientPermission, Add-MailboxPermission, Remove-MailboxPermission | Mail Recipients | |
| SWAP! | Exchange - Set forwarding to Domino, if not controlled by connection | DisableMailForward, ConfigureMailForward | Set-Mailbox | Mail Recipients | |
| SWAP! | Check Azure Active Directory accounts | ReadUsers (Azure AD), ReadGroups (Azure AD) | Get-AzureADUser, Get-AzureADGroup | User.Read.All, Directory.Read.All | |
| SWAP! | Azure Active Directory - Convert inactive user to equipment | ConvertToNonUserMailbox (MSOnline / ExchangeOnline) | Set-Mailbox | Mail Recipients | |
| SWAP! | Azure Active Directory - Convert inactive user to shared mailbox | ConvertToNonUserMailbox (MSOnline / ExchangeOnline) | Set-Mailbox | Mail Recipients | |
| SWAP! | Azure Active Directory - Convert inactive user to room | ConvertToNonUserMailbox (MSOnline / ExchangeOnline) | Set-Mailbox | Mail Recipients | |
| SWAP! | Check Active Directory accounts (local) | ReadUsers (AD), ReadGroups (AD) | Get-ADUser, Get-ADGroup | | |
| SWAP! | Active Directory - Create groups for mail distribution lists | CreateGroup (AD) | New-ADGroup, Add-ADGroupMember, Get-ADGroup, Get-ADObject | | |
| SWAP! | Active Directory - Create groups for security | CreateGroup (AD) | New-ADGroup, Add-ADGroupMember, Get-ADGroup, Get-ADObject | | |
| SWAP! | Active Directory - Transfer Domino group members to Active Directory group members | AddGroupMembers (AD) | Set-ADGroup, Get-ADGroup, Get-ADObject | | |
| SWAP! | Active Directory - Create inactive user to convert to equipment | CreateUser (AD) | New-ADUser, Get-ADUser | | |
| SWAP! | Active Directory - Create inactive user to convert to shared mailbox | CreateUser (AD) | New-ADUser, Get-ADUser | | |
| SWAP! | Active Directory - Create inactive user to convert to room | CreateUser (AD) | New-ADUser, Get-ADUser | | |
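
The Role Group step from the procedure, as an added PowerShell example (not code from the original page or from the PowerHelper product): it derives the union of Exchange roles for the processes actually in use and creates the Role Group, or reports excess and missing roles if the group already exists. The group name, the service account and the shortened process labels are assumptions, and an existing `Connect-ExchangeOnline` session is expected.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run by an
# account that may manage role groups. Names below are placeholders.
$RoleGroupName = 'PowerHelper-LeastPrivilege'        # hypothetical group name
$ServiceUser   = 'svc-powerhelper@example.invalid'   # placeholder account

# Process -> required Exchange role(s), copied from the table on this page
# (process labels shortened for this example).
$RequiredRoles = @{
    'Check Exchange accounts'        = @('View-Only Recipients')
    'Check Exchange forwardings'     = @('View-Only Recipients')
    'Set mail addresses/forwardings' = @('Mail Recipients')
    'Create mailbox'                 = @('Mail Recipient Creation')
    'Create mail distribution group' = @('Security Group Creation and Membership')
    'Create room'                    = @('Mail Recipient Creation', 'Mail Recipients')
    'Transfer Domino group members'  = @('Distribution Groups', 'Mail Recipients')
}

# Processes actually used in this environment (edit to match).
$UsedProcesses = @('Check Exchange accounts', 'Create room')

function Get-NeededRoles {
    param([hashtable]$Map, [string[]]$Processes)
    # Fail loudly on a label that is not in the map instead of granting nothing.
    $unknown = $Processes | Where-Object { -not $Map.ContainsKey($_) }
    if ($unknown) { throw "Not in the table: $($unknown -join ', ')" }
    $Processes | ForEach-Object { $Map[$_] } | Sort-Object -Unique
}

$needed   = @(Get-NeededRoles -Map $RequiredRoles -Processes $UsedProcesses)
$existing = Get-RoleGroup -Identity $RoleGroupName -ErrorAction SilentlyContinue

if (-not $existing) {
    New-RoleGroup -Name $RoleGroupName -Roles $needed -Members $ServiceUser `
        -Description 'Roles required by the selected PowerHelper processes'
} else {
    # Report drift rather than silently changing an existing group.
    $current = @($existing.Roles | ForEach-Object { "$_" })   # compare by name
    $excess  = @($current | Where-Object { $_ -notin $needed })
    $missing = @($needed  | Where-Object { $_ -notin $current })
    [pscustomobject]@{ RoleGroup = $RoleGroupName; Excess = $excess; Missing = $missing }
}
```

A non-empty `Excess` list marks roles the group holds beyond what the selected processes need and is the part worth reviewing after the set of used modules changes.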