Create Recipient Filter Scopes

Applies to: Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-03-19

When you add a user to the Help Desk role group, that user can, among other things, troubleshoot the Outlook Web App settings for all mailboxes in your organization by accessing the users' Options page. For more information, see Troubleshoot Users' Outlook Web App Options.

However, what if this default behavior gives someone too much power? For example, what if you want to create a departmental help desk administrator who can troubleshoot users' Outlook Web App settings for the Engineering department only?

To create users with targeted administrative privileges, the first step is to create a custom write scope based on recipient filters, also known as a recipient filter scope. You create recipient filter scopes using Windows PowerShell. A recipient filter requires use of OPATH, the filtering syntax used by Windows PowerShell.

Before you begin

Create a recipient filter scope

Run the following command:

New-ManagementScope -Name <name> -RecipientRestrictionFilter {<filter>}

Example   Here's a command that creates a recipient filter scope named "Washington Engineering" that specifies all mailboxes in Washington State whose departments start with "Engineer".

Run the following command:

New-ManagementScope -Name "Washington Engineering" -RecipientRestrictionFilter {(RecipientType -eq 'UserMailbox') -and (StateOrProvince -eq 'WA') -and (Department -like 'Engineer*')}

Note   To list the mailboxes defined by this recipient filter scope, run the following command:

Get-User | where {($_.RecipientType -eq 'UserMailbox') -and ($_.StateOrProvince -eq 'WA') -and ($_.Department -like 'Engineer*')}

Use the recipient filter scope

After you create the recipient filter scope, you need to associate the scope with a role assignment. A role assignment associates a management role to a role group, security group, or user. Assigning a role to a role group grants members of the role group permissions to use the Windows PowerShell cmdlets and parameters defined in the role. The write scope of the role assignment controls where the roles can be used.

To use the recipient filter scope you created in the previous step, you create a new role group, assign the roles to the role group, apply the recipient filter scope to the roles assigned to the role group, and add mailboxes to the role group. You can perform these actions when you create a new role group in the Exchange Control Panel.

Here's an example. You want to create limited help desk users who are allowed to view and change mailbox settings for users in Washington State who are in the Engineering department only.

Perform the following steps:

  1. In the Exchange Control Panel, select Manage My Organization > Roles & Auditing > Administrator Roles, and click New.
  2. Enter the following information in the New Role Group window:
    1. Name   Enter a unique, descriptive name for the role group. For example, "User Options - Washington Engineering".
    2. Description   Enter descriptive information about the role group. For example, "This role gives users the ability to modify the mailbox settings in the Options page for Engineers in Washington State only using the Washington Engineering recipient filter scope."
    3. Write scope   Select the recipient filter scope you created, for example, "Washington Engineering".
    4. Roles   Click Add. Select the administrator roles you want to assign to the role group. For example, select "User Options", click Add, and then click OK.
    5. Members   Click Add. Select the users or groups you want to add, and click Add. Repeat this procedure for each user or group.
    6. When you are finished, click OK, and then click Save.

Things to think about

  • When you apply a write scope to the roles assigned to a role group in the Exchange Control Panel, the write scope is applied to all the roles that are assigned to the role group. If any of the following conditions are true, you can't view or change the write scope, or add roles or remove roles in the Exchange Control Panel:
    • An end-user role is assigned to the role group.
    • A role is assigned to the role group using a different write scope than the other roles.
    • Roles are assigned to the role group using exclusive write scopes. An exclusive write scope isolates specific mailboxes so they can be managed by designated administrators only. For more information, see Create Exclusive Write Scopes.
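
The role group from the Washington Engineering example can also be created and checked from Windows PowerShell. The script below is an added example, not part of the original topic: it previews which mailboxes the scope covers, creates the role group with that write scope, and then confirms that every role assignment on the group carries the same scope. It assumes the New-RoleGroup, Get-ManagementScope and Get-ManagementRoleAssignment cmdlets are available to your administrator account; the member address is a placeholder.

```powershell
# Added example. Scope, role and group names are taken from the example in this
# topic; the member address is a placeholder to replace with a real user.
$scopeName = 'Washington Engineering'
$groupName = 'User Options - Washington Engineering'
$members   = @('helpdesk.user@contoso.edu')   # placeholder

# 1. Preview who falls inside the scope before granting anything, using the
#    same conditions the scope was created with.
$inScope = @(Get-User -ResultSize Unlimited | Where-Object {
    ($_.RecipientType -eq 'UserMailbox') -and
    ($_.StateOrProvince -eq 'WA') -and
    ($_.Department -like 'Engineer*')
})
"{0} mailboxes match '{1}'" -f $inScope.Count, $scopeName
$inScope | Sort-Object Department, Name |
    Format-Table Name, Department, StateOrProvince -AutoSize

# 2. Stop if the scope does not exist, so the role group is never created
#    without a write scope restricting it.
$scope = Get-ManagementScope | Where-Object { $_.Name -eq $scopeName }
if (-not $scope) {
    throw "Management scope '$scopeName' not found. Create it with New-ManagementScope first."
}

# 3. Create the role group, assign the role, and apply the write scope in one step.
New-RoleGroup -Name $groupName `
    -Description 'Modify Options page settings for Engineers in Washington State only.' `
    -Roles 'User Options' `
    -CustomRecipientWriteScope $scopeName `
    -Members $members

# 4. Audit: every assignment on the group should use the same custom write scope.
$assignments = @(Get-ManagementRoleAssignment -RoleAssignee $groupName)
$assignments | Format-Table Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

$mismatched = @($assignments | Where-Object {
    "$($_.CustomRecipientWriteScope)" -ne $scopeName
})
if ($mismatched.Count -gt 0) {
    Write-Warning ("{0} assignment(s) on '{1}' do not use scope '{2}'." -f `
        $mismatched.Count, $groupName, $scopeName)
    $mismatched | Format-List Name, Role, RecipientWriteScope, CustomRecipientWriteScope
}
```

Step 4 can be rerun later as a periodic check: an assignment reported there is one whose write scope differs from the other roles on the group, which is also one of the conditions listed above that blocks editing the group in the Exchange Control Panel.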