KB ID 0001707
Problem
When attempting to open the Exchange Management shell you see the following;
[box]
Welcome to the Exchange Management Shell!
Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help **
Get general help: Help
Get help for a cmdlet: Help or -?
Exchange team blog: Get-ExBlog
Show full output for a command: | Format-List
Show quick reference guide: QuickRef
VERBOSE: Connecting to {mail server}
New-PSSession : [{mail server}] Processing data from remote server {mail server} failed with the
following error message: [ClientAccessServer={mail server}BackEndServer={mail server},RequestId=f092f550-6451-
4dea-820d-20322101874a,TimeStamp=08/10/2020 09:24:58]
[AuthZRequestId=eb185d5f-6a49-471f-9267-ad0ce9231d0f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user
"DOMAIN/{User-Name}" isn't assigned to any management roles. For more information, see the
about_Remote_Troubleshooting Help topic.
[/box]
When this happens you may also see Event ID 258 get logged;
[box]
Log Name: Application Source: MSExchange RBAC Date: {date} {time} Event ID: 258 Task Category: RBAC Level: Error Keywords: Classic User: N/A Computer: {Mail Server} Description: (Process 9680, PID w3wp.exe)"RemotePS Public API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The user "{Domain/user-name}" isn't assigned to any management roles.
[/box]
Solution
I’ve highlighted the most pertinent text in the error messages (above), that being;
The user “{Domain/User-Name}” isn’t assigned to any management roles.
For once Microsoft error messages are actually quite descriptive and helpful! The user that you are attempting to open the Exchange Management Shell with does not have the Exchanger administrative rights to do so! Typically to manage Exchange you need to be a member of the ‘Organization Management’ group, (my Englishness OCD hates that spelling!)
So, (obviously using your administrative account NOT you normal user account ;P ) Add yourself to that group.
Remember, granting rights via a ‘group‘ means you will have to log off, and then back on again, before you actually get those rights.
Related Articles, References, Credits, or External Links
NA