Send As Permissions Exchange 2007

I posted a question previously about this and the solution worked, however it isn't really a solution at this time.  I'm trying to grant John permissions to send as (send on behalf) of sales in Exchange 2007.  I have given the following command in the EMC as well as in the gui to give Send as permissions and Send on Behalf of.

Add-ADPermission "sales" -User "john" -Extendedrights "Send As"

The way I am having John send as sales is to put sales@domain.com in the From line in Outlook.  He then receives the Exchange Delivery notification that he doesn't have permission when attempting to send as sales.  The only way I can get it to work is if I recreate the Outlook profile.  Unfortunately this isn't an option with this user.

Is there something else I can do? It's been over 24 hours so I know the changes have replicated.
wakebrdr77Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Shreedhar EtteConnect With a Mentor Commented:
Hi,

Refer this article:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/exchange-2007-permissions-and-roles-part2.html

and search for "Granting Send As Permission"

Hope this helps,
Shree
0
 
ClintSwineyCommented:
Is Sales a user defined in AD or in Exchange? In other words does it have it's own mailbox/username? If not I do not believe you can do this, because you cant send as if the as is a contact or alternate SMTP address.
0
 
wakebrdr77Author Commented:
It has its own AD account and mailbox.  This can be done as I already have other users set up to send as Sales.  I had to recreate their Outlook profile in order for it to work though. I don't want to have to do that this time.  It should be more simple than this.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
martingagnonCommented:
Send As and Grand Send on behalf is different.  In your case, you should configure sales@domain.com as a ditribution group and configure john to send on behalf.  

Set-DistributionGroup "Sales" -GrantSendOnBehalfTo "John","Marc","Peter"

GrantSendOnBehalfTo is a multi-valued properties.  You must have all users when you set the properties.  You could not run the following for example :

Set-DistributionGroup "Distribution Group Name" -GrantSendOnBehalfTo "John"
Set-DistributionGroup "Distribution Group Name" -GrantSendOnBehalfTo "Marc"
Set-DistributionGroup "Distribution Group Name" -GrantSendOnBehalfTo "Peter"

Only Peter would have the permission to send on behalf.

------------
Now if you want to set SendAs use this command

Add-AdPermission "Sales" -user john@domain.com -AccessRights extendedright -ExtendedRights "send as"

Note: “Send as” as precedence over “Send on behalf” if you configure both.
0
 
wakebrdr77Author Commented:
Thanks for the clarification martingagnon. I know I don't want to use Send on Behalf as I do not want the recipient to know the true sender.

The command Add-AdPermission "Sales" -user john@domain.com -AccessRights extendedright -ExtendedRights "send as" has already been set for John.

He is still receiving the nondeliverable message.
0
 
martingagnonCommented:
Verify that the permission have been applied correctly by running the following command:

Get-AdPermission "Sales" -User John@domain.com

Note : Instead of Sales, you may have to enter the full name domain/OU/Sales

It should return something like :
User                : domain\john
Identity            : domain/OU/Sales
Deny                : False
AccessRights        : {ExtendedRight}
ExtendedRights      : {Send-As}
IsInherited         : False
Properties          :
ChildObjectTypes    :
InheritedObjectType :
InheritanceType     : All

If it returns nothing, it means no permissions has been set for this user.
0
 
wakebrdr77Author Commented:
I have exactly that as you showed above, so it appears the permissions have been set.
0
 
martingagnonCommented:
Has the user logged off and logged back on to get his new security token?  If not, make sure he reboots completely the computer he is using to send as using Outlook.
0
 
wakebrdr77Author Commented:
No, he hasn't, but that probably won't happen until he leaves for the day.  I'll update this again tomorrow. Thanks for your help so far.
0
 
martingagnonCommented:
The Send As permission is not granted until after replication has occurred. Replication times depend on your Microsoft Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information Store service.
0
 
martingagnonCommented:
Be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address lists. When sending a message, Exchange requires that an e-mail address is resolved in the From field. In the case where a message is sent on behalf of a mailbox that is hidden from address lists, the SMTP address is interpreted as an address that is not from your organization (known as a foreign address) and is rejected.  

So make sure you select the address from the global address list.  If the user has created a contact named sales@domain.com in his personnal contact, the recipient resolver may try to send as this smtp address.  By selecting sales@domain.com, you are sure to use the correct object.
0
 
wakebrdr77Author Commented:
The address is available in the global address book.  Also, it's been 3 days for replication and the user still can't send as.  I guess I'm going to have to recreate the profile.
0
 
martingagnonCommented:
How about you copy his profile with a new name?  That would be quicker than creating from scratch a new profile.  Also, what version is the Microsoft Outlook Client?
0
 
wakebrdr77Author Commented:
I'm just going to recreate it, I know that it works that way.  It's Outlook 2007. Thanks for your help.
0
All Courses

From novice to tech pro — start learning today.