Exchisa
asked on
SEND AS Permissions problem
Hi all.
My problem has three parts:
First one:
When trying to assign permissions for any one member of any protected
Group the “send as” in order to be able to send as a group on exchange 2010 , they keep say:
Active Directory operation failed on DOM-CONTROLLER. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 the user has insufficient access rights.
I read this article but it did not solve my problem: http://msexchangeteam.com/archive/2009/09/23/452595.aspx
Second part:
For any normal user, after successfully assign the permissions to send as a group, sometimes it works and sometimes
Not, does it matter of time? Is for any one member of any protected
Group there any service may I restart in order action takes effects.
I receive this error on OWA:
You don't have the permissions required to send messages from this mailbox.
Third Part:
In exchange 2010 do am still have to tick the send as permission for any user or group on the ACL for the same user or group?
Regards
My problem has three parts:
First one:
When trying to assign permissions for any one member of any protected
Group the “send as” in order to be able to send as a group on exchange 2010 , they keep say:
Active Directory operation failed on DOM-CONTROLLER. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 the user has insufficient access rights.
I read this article but it did not solve my problem: http://msexchangeteam.com/archive/2009/09/23/452595.aspx
Second part:
For any normal user, after successfully assign the permissions to send as a group, sometimes it works and sometimes
Not, does it matter of time? Is for any one member of any protected
Group there any service may I restart in order action takes effects.
I receive this error on OWA:
You don't have the permissions required to send messages from this mailbox.
Third Part:
In exchange 2010 do am still have to tick the send as permission for any user or group on the ACL for the same user or group?
Regards
dont amend the settings in active directory for exchange 2010 servers. use the exchange management console> recipient config>mailbox and use 'manage send as permission' in the right pane.
Its looks like permission issue.
Go through .
http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspx
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/b28ea96a-8458-4ec8-87a8-66f64cbb7600
Or bypass it all with a 3rd party app: http;//www.servolutions.com/changesender.htm
ASKER
SatyaPathak: :
I already tick the checkbox to inherit all the permissions from the parent , now for those who
are members of any protected group , this check box keep un-ticked again every 15 min ,
active directory keep synchronize these permissions with adminsdholder .
anyway my problem are still open , hope it solved .
wait something
I already tick the checkbox to inherit all the permissions from the parent , now for those who
are members of any protected group , this check box keep un-ticked again every 15 min ,
active directory keep synchronize these permissions with adminsdholder .
anyway my problem are still open , hope it solved .
wait something
Hi Exchisa,
Many, many apologies, as I mis-read your query and missed the vital bit of info (serves me right for reading it on my mobile...)
I'm afraid you are a bit stuck. Members of the protected groups are automatically reset to the approved permissions at regular intervals as a security measure.
I'm afraid you are not going to be able to use the 'send as' facility on any member of such a group.
Either move the user to another group or change the e-mail address to suit your needs.
EG:
Lets say you want to 'send as' administrator:-
a) change the administrator's email from {administrator@domain.com} to {administrator2@domain.com } and disable automatic recipient policy updates for the user.
b) Create a distribution group for {administrator@domain.com} and set administrator as a member so they receive messages as they would have before.
c) set the send as permissions on the distribution group {administrator@domain.com} to allow users to send as, including the administrator user.
This is technically a workaround, not a solution.
Many, many apologies, as I mis-read your query and missed the vital bit of info (serves me right for reading it on my mobile...)
I'm afraid you are a bit stuck. Members of the protected groups are automatically reset to the approved permissions at regular intervals as a security measure.
I'm afraid you are not going to be able to use the 'send as' facility on any member of such a group.
Either move the user to another group or change the e-mail address to suit your needs.
EG:
Lets say you want to 'send as' administrator:-
a) change the administrator's email from {administrator@domain.com}
b) Create a distribution group for {administrator@domain.com}
c) set the send as permissions on the distribution group {administrator@domain.com}
This is technically a workaround, not a solution.
ASKER
Dear All .
I still stuck to have this feature working perfectly .
Now I don't want to use this feature to enable users to send as by each other , i only want the users on any given group to send by the name of this group , i did not configure any thing in the ADUC snap in , i only configure this feature from the EMC .
i recieve this error from outlook 2010 :
You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
I surprised that this feature are working sometimes and sometimes not (this is the truth).
does this feature need a CAL like archiving ??
Wait a reply
I still stuck to have this feature working perfectly .
Now I don't want to use this feature to enable users to send as by each other , i only want the users on any given group to send by the name of this group , i did not configure any thing in the ADUC snap in , i only configure this feature from the EMC .
i recieve this error from outlook 2010 :
You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
I surprised that this feature are working sometimes and sometimes not (this is the truth).
does this feature need a CAL like archiving ??
Wait a reply
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
totallytonto:
No It's NOT .
Thanks
No It's NOT .
Thanks
ASKER
totallytonto : I leave configure this from the EMC , instead , i use the ACL for that group in AD , in order to enable SEND AS , just tick the send as permission
2) restart the information store and system attendant to speed it.
3) send as is managed using send as permissions in the EMC http://technet.microsoft.com/en-us/library/bb676368.aspx