Cannot Open Exchange Management Shell

KB ID 0001707

Problem

When attempting to open the Exchange Management shell you see the following;

[box]

         Welcome to the Exchange Management Shell!

Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help **
Get general help: Help
Get help for a cmdlet: Help  or  -?
Exchange team blog: Get-ExBlog
Show full output for a command:  | Format-List

Show quick reference guide: QuickRef
VERBOSE: Connecting to {mail server}
New-PSSession : [{mail server}] Processing data from remote server {mail server} failed with the
following error message: [ClientAccessServer={mail server}BackEndServer={mail server},RequestId=f092f550-6451-
4dea-820d-20322101874a,TimeStamp=08/10/2020 09:24:58]
[AuthZRequestId=eb185d5f-6a49-471f-9267-ad0ce9231d0f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user
"DOMAIN/{User-Name}" isn't assigned to any management roles. For more information, see the
about_Remote_Troubleshooting Help topic.

[/box]

When this happens you may also see Event ID 258 get logged;

[box]

Log Name:      Application
Source:        MSExchange RBAC
Date:          {date} {time}
Event ID:      258
Task Category: RBAC
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      {Mail Server}
Description:
(Process 9680, PID w3wp.exe)"RemotePS Public API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The user "{Domain/user-name}" isn't assigned to any management roles.

[/box]

Solution

I’ve highlighted the most pertinent text in the error messages (above), that being;

The user “{Domain/User-Name}” isn’t assigned to any management roles.

For once Microsoft error messages are actually quite descriptive and helpful! The user that you are attempting to open the Exchange Management Shell with does not have the Exchanger administrative rights to do so! Typically to manage Exchange you need to be a member of the ‘Organization Management’ group, (my Englishness OCD hates that spelling!) 

So, (obviously using your administrative account NOT you normal user account ;P ) Add yourself to that group.

Remember, granting rights via a ‘group‘ means you will have to log off, and then back on again, before you actually get those rights.

Related Articles, References, Credits, or External Links

NA

Leave a Reply

Your email address will not be published. Required fields are marked *