There are reported instances where some RBAC roles “disappear” during the upgrade from Exchange 2010 RTM to Exchange 2010 SP1. Normally the symptom of this problem is when a user who is a member of the Organization Management role group (the most powerful of all the RBAC role groups) is unable to make a new role assignment or work with a role group. Of course, the first thing to do is to check that the user actually is a member of a role group that allows them to execute the desired operation, but if all things fail, you could try to reinstall the RBAC roles and role assignments using the same commands used by Setup.
To do this, perform the following steps.
- Launch the Exchange Management Shell (EMS)
- Run “Add-PsSnapin Microsoft*” to load the snap-ins that you need to install RBAC
- Run the “Install-CannedRBACRoles” cmdlet to install the out-of-the-box RBAC roles that you’d expect to be defined for Exchange 2010 SP1.
- Run the “Install-CannedRBACRoleAssignments” cmdlet to install the out-of-the-box role assignments (that obviously depend on the roles that you’ve just installed).
- Close EMS
- Restart EMS to create a new session. During session initialization, Exchange will reload the roles and role assignments that are available to the user, so you should be able to retry the failed operation to see whether the reinstallation of the RBAC roles and role assignments has fixed the problem.
There are other variations of the problem. This post provides a good set of steps to execute if Setup fails to install RBAC for some reason.
Hope this helps!