Day: Wed 21 Oct 2015

Note-to-self: Exchange recipient administration rights in ILM/FIM/MIM

Another great post to bookmark, using the blog as my external memory again:
Check Paul Williams’ post at :

“What am I talking about? Reducing the privilege required to perform Exchange recipient provisioning using the Active Directory Domain Services Management Agent (ADMA). The default documentation on the subject clearly states that in order to provision mailbox-enabled users or linked mailboxes the ADMA account needs to be a member of the Recipient Administrators role group. Now, while it’s true membership in that group will allow you to run Update-Recipient and successfully invoke the RUS after creating a user and stamping the mandatory Exchange attributes, that same membership also grants you access to perform a multitude of recipient administration tasks that the account doesn’t need to perform.”

And also :

Note-to-self: Podcast An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!

Source: got this from Tom Shinder,

“Really interesting and informative podcast with David Cross, where he discusses a multitude of issues around Azure Security.

Definitely 5 stars!

An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!