I got an email from an Exchange admin asking me a way to find who has the rights to export & import mailbox data from/to PSTs. The answer is a quick one-liner in the Exchange Shell.
We know that the “Mailbox Import Export” role is not assigned to anyone by default, even to the Org Management group. We can assign a user/group the permission by running the following command in Exchange Shell.
New-ManagementRoleAssignment –Role “Mailbox Import Export” –User “username” or
New-ManagementRoleAssignment –Role “Mailbox Import Export” –SecurityGroup “group name”
But, how will we find who has the rights currently? Run the following in the Shell to find out.
Get-ManagamentRoleAssignment –Role “Mailbox Import Export” | fl RoleAssigneeName
The reason why Organization Management comes up, even though I haven’t explicitly given the rights (which I can), is because of the fact that members of the Organization Management group can delegate the “Mailbox Import Export” role to either themselves or others. It will become clear if you add the RoleAssignmentDelegationType parameter in the output.