You have an Exchange Server 2010 organization named adatum.com. You deploy a server that has
Exchange Server 2013 installed. You plan to install eight additional servers that have Exchange
Server 2013 installed. You are a member of the Organization Management management role group.
You hire a temporary Exchange administrator named Temp1. The company’s security policy states
that all external consultants must have the minimum number of required permissions on the
network. You need to ensure that Temp1 can install a server named Server5. The solution must meet
the requirements of the security policy. Which two tasks should you perform? (Each correct answer
presents part of the solution. Choose two.)

A.
Run setup and specify the /newprovisionedserver:Server5 parameter.

B.
Add Temp1 to the Delegated Setup management role group.

C.
Add Temp1 to the Exchange Server role group.

D.
Create a new management role and a new role assignment policy.

E.
Run setup and specify the /roles:temp1 parameter

Explanation:
NOT C
Unable to install a server given this management role
The Exchange Servers management role enables administrators to do the following on individual
servers:
Add and remove database availability groups and configure database copies
Enable, disable and configure Unified Messaging services
Modify transport configuration on Mailbox and Client Access servers
Enable and disable Microsoft Outlook Anywhere on Client Access servers
Modify Mailbox and Client Access server configuration
Modify Outlook Anywhere configuration on Client Access servers
Modify content filtering configuration on Mailbox servers
Modify general Exchange server configuration
Modify server monitoring configuration
View the configuration for each server role
This management role is one of several built-in roles in the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2013. Management roles, which are assigned to
one or more management role groups, management role assignment policies, users, or universal
security groups (USG), act as a logical grouping of cmdlets or scripts that are combined to provide
access to view or modify the configuration of Exchange 2013 components, such as mailbox
databases, transport rules, and recipients. If a cmdlet or script and its parameters, together called a
management role entry, are included on a role, that cmdlet or script and its parameters can be run
by those assigned the role. For more information about management roles and management role
entries, see Understanding Management Roles.
NOT D
No need to create a new management role
NOT E
Need to use the /NewProvisionedServer parameter setup /roles command is OK for exchange 2007
With temp1 appears to be an invalid command and not applicable to exchange 2013
A
To delegate setup, you must first run Setup.com from a Command Prompt window with the /
NewProvisionedServer parameter.
This will not install Exchange on the server, but instead will create a placeholder object for the server
in Active Directory and will add the machine account for this server to the Exchange Servers group.
B
Need to Add Temp1 to the Delegated Setup management role group.
Delegated Setup management role group
The Delegated Setup management role group is one of several built-in role groups that make up the
Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2013.

Role groups are assigned one or more management roles that contain the permissions required to
perform a given set of tasks. The members of a role group are granted access to the management
roles assigned to the role group. For more information about role groups, see Understanding
Management Role Groups.
Administrators who are members of the Delegated Setup role group can deploy servers running
Exchange 2013 that have been previously provisioned by a member of the Organization
Management role group.
Members of the Delegated Setup role group can only deploy Exchange 2013 servers. They can’t
manage the server after it’s been deployed.
To manage a server after it’s been deployed, a user must be a member of the Server Management
role group.
For more information about RBAC, see Understanding Role Based Access Control.