Created Management Scope then had to delete the Associated user, now cannot recreate or reassociate

Hi All-

Trying to follow instructions to set up a room scheduler attached to Office 365.

I created a service account as requested in the instructions, then ran this command:

  1. Create a management scope which will be used in the next step to restrict the impersonation right. The below command will limit the scope to resources (room and equipment mailboxes):

New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox" }

Next ran:

This will grant the service account Impersonation using the management scope:

New-ManagementRoleAssignment -Name "ResourceImpersonation" -Role ApplicationImpersonation -User "service-account@domain.com" -CustomRecipientWriteScope "ResourceMailboxes"

Due to some fuckery that wasn't communicated to me about how Okta is now part of our federated domain setup, I had to delete then recreate the service account. But now I get errors when I run the second command to associate the new account with the ManagementRoleAssignment. Do I need to delete the management scope that was created to start over? If so, how?

submitted by /u/Nimmerzz_IT
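
An added example, not part of the original post: one way to inspect what the two commands above left behind and to confirm that ApplicationImpersonation is still restricted to the resource-mailbox scope. It assumes an already connected Exchange Online PowerShell session and reuses the names from the post; that an assignment named for the deleted account is still present is an assumption, since the post does not quote the error.

```powershell
# Names come from the two commands in the post; the address is the post's placeholder.
$scopeName      = 'ResourceMailboxes'
$assignmentName = 'ResourceImpersonation'
$serviceAccount = 'service-account@domain.com'

# 1. The scope is an object of its own, separate from any user.
#    Confirm it exists and that its filter still covers only room/equipment mailboxes.
Get-ManagementScope -Identity $scopeName |
    Format-List Name, RecipientFilter, ScopeRestrictionType

# 2. List every ApplicationImpersonation assignment and the write scope bound to it.
#    A row with an empty CustomRecipientWriteScope is not limited by the custom scope.
$assignments = Get-ManagementRoleAssignment -Role ApplicationImpersonation
$assignments |
    Format-Table Name, RoleAssigneeName, RoleAssigneeType, CustomRecipientWriteScope -AutoSize

# 3. Assumption: an assignment with the original name is still there.
#    Remove only that assignment; the scope can stay and be reused.
$stale = $assignments | Where-Object { $_.Name -eq $assignmentName }
if ($stale) {
    Remove-ManagementRoleAssignment -Identity $assignmentName -Confirm:$false
}

# 4. Bind the recreated service account to the existing scope.
New-ManagementRoleAssignment -Name $assignmentName `
    -Role ApplicationImpersonation `
    -User $serviceAccount `
    -CustomRecipientWriteScope $scopeName

# 5. Verify who effectively holds impersonation and under which scope.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Format-Table Name, EffectiveUserName, CustomRecipientWriteScope -AutoSize

# Only when starting over completely: a scope cannot be removed while a role
# assignment still references it, so remove the assignment (step 3) first.
# Remove-ManagementScope -Identity $scopeName -Confirm:$false
```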