How to remove "RoleManagement.ReadWrite.Directory" permission (4381368)

サポートと今すぐチャット

オンラインヘルプの参照
登録の完了

サインイン

価格設定をリクエスト

営業担当に連絡

戻る

フィードバックを送信しました

この記事は課題解決に役立ちましたか?

評価を選択

タイトル

How to remove "RoleManagement.ReadWrite.Directory" permission
説明

How to remove "RoleManagement.ReadWrite.Directory" permission
対策
1. Manually
  1. Grant the Migration - Basic consent.
  2. Manually add the Migration - Basic Service Principle to the Exchange Admin Role and delete RoleManagement.ReadWrite.Directory permission on the Migration - Basic enterprise application.
  3. Remove "RoleManagement.ReadWrite.Directory" from the Quest On Demand - Migration - Basic - Minimal
1. Exchange RBAC
  1. Grant the Quest On Demand - Migration - Basic - Minimal consent
  2. Open a SR with the OD Org ID and request the feature flag "migration.accounts.skipAssignExchangeAdminRole" be enabled.
2. Remove the RoleManagement.ReadWrite.Directory permissions from the Quest On Demand Migration - Basic – Minimal enterprise application
3. Get Application ID and Object ID for these two applications
  1. Quest On Demand - Migration - Basic - Minimal
  2. Quest On Demand - Migration - Mailbox Migration - Custom RBAC
4. Using the information collected above, create two service principals in Exchange Online
  1. New-ServicePrincipal -appid %Application ID% -objectid %Object ID% -displayname "Quest On Demand - Migration - Basic - Minimal"
  2. New-ServicePrincipal -appid %Application ID% -objectid %Object ID% -displayname "Quest On Demand - Migration - Mailbox Migration - Custom RBAC”
5. Create a new management scope in Exchange Online, using a name and recipient filter that meet your needs and configuration.
  1. New-ManagementScope -Name "ODM Migration Scope" -RecipientRestrictionFilter "Office -like 'Chicago*"
  2. Create a Management Role Assignment for the "Quest On Demand - Migration - Basic - Minimal"
    1. New-ManagementRoleAssignment -App %Application ID% -Role "Distribution Groups” -CustomResourceScope “ODM Migration Scope
    2. New-ManagementRoleAssignment -App %Application ID% -Role "Mail Recipient” -CustomResourceScope “ODM Migration Scope
  3. Create a Management Role Assignment for the "Quest On Demand - Migration - Mailbox Migration - Custom RBAC” application
    1. New-ManagementRoleAssignment -App %Application ID% -Role "Application Calendars.Read" -CustomResourceScope "ODM Migration Scope”
    2. New-ManagementRoleAssignment -App %Application ID% -Role "Application EWS.AccessAsApp" -CustomResourceScope “ODM Migration Scope”

フィードバックを送信しました

この記事は課題解決に役立ちましたか?

評価を選択

Request a KB Article

推奨コンテンツ

製品：: On Demand Migration
Current

トピック: Technical Solutions

記事の履歴：: 作成日： 11/21/2025
最終更新日： 11/21/2025

すべての記事を検索

製品を選択してください:

サービス向上のために、「Purpose of your Chat（チャットの目的）」を記入してください。

お客様の不具合に推奨されるソリューション

How to remove "RoleManagement.ReadWrite.Directory" permission (4381368)

タイトル

説明

対策

Leave a Comment