elpaso1
asked on
Urgent - cannot set Delegate on CIO's mailbox
Running Exchange 2007 SP2 and Outlook 2007 SP2. We have two forests, one for Messaging (Exchange) and one for standard user accounts, i.e. we're using linked mailboxes.
Exchange forest is called Exchange, user account forest is called Domain.
There is a CIO named Bill Gates. He wants his PA, Jenny Smith, to be able to recv and respond to meeting requests sent to him.
In Bill's Outlook, we go to Delegates and add Jenny as a delegate so that she has Editor access on his Calendar. We tick the box saying "Delegate receives copies of meeting related messages sent to me"
But when he tries to save, he gets the message:
"The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object"
We've also gone into Exchange Shell and run this command:
Add-ADPermission -identity BillGates -user Domain\JennySmith -properties:publicDelegates -AccessRights:WriteProperty
Still same problem!
Any ideas?
Additional note:
To see the permissions you've got on the CIO's user, you can use (for ex) ADExplorer, right click on the CIO's user and go to the security tab...
ASKER
Hi
The CIO is trying to add the delegate to his own mailbox, via Outlook, and getting that error.
If I go to Exchange Management Console > CIO's mailbox properties, I can see that the PA has send on behalf rights set there.
So not sure where or what the problem is, but every time the CIO tries to add his PA as a delegate so she can respond to his Calendar stuff, he gets this message:
"The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object"
Hi,
Try the following PS cmd
Get-mailbox CIOmailbox | Add-ADPermission -user "NT AUTHORITY\SELF" -AccessRights WriteProperty -Properties Personal-Information
ASKER
Hi v-2nas
Couple of questions on running the above:
1. Is there any risk at all? The user having the problem is the CIO so I don't want to run something that may mess up his mailbox or rights somehow :)
2. I assume I actually write "NT Authority\SELF" after -user, not the CIO's AD account name or anything like that?
3. How will this fix the problem?
Thanks very much both!
Hi,
If you try with a test account, do you face the same issue?
Have you run this command in the resource forest?
Add-ADPermission -identity BillGates -user Domain\JennySmith -properties:publicDelegates -AccessRights:WriteProperty
Have you tried Setting delegation using OWA?
ASKER
Hi
I tried with my own account, it works fine without having to do all this.
I have run that Add-ADPermission command in the Exchange forest, yes (I assume resource forest=Exchange forest?)
I didn't know that you could set Delegation via OWA in Exchange 2007? Is this possible in case the problem is something to do with the CIO's profile?
Try with OWA. I am also looking for more options as well. It's a little bit complex in a linked mailbox scenario.
ASKER
Ran cleanfreebusy but this didn't fix it :( Also noticed that the CIO cannot even remove existing delegates or add new ones, he always gets "The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object" coming up.
Any ideas? Is it possible that he's missing some rights to perform actions on his own mailbox? SELF does have Full Mailbox access to his mailbox though.
Can you confirm if user has "Write Personal Information" permission in AD?
ASKER
Do you know how I would do that? And if it hasn't - do I add that permission to SELF or to BillGates?
Hi,
This will be for self account. I don't have a lab env where I can repro, but I have worked on this issue before.
First check the above option; if it doesn't work, then you can use EMC to grant appropriate permissions.
ASKER
Will give it a go - out of interest, what is difference between giving access to SELF and giving access to BillGates?
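One way to confirm the permission asked about above, and to compare what SELF and the linked account each hold, as an added example that is not part of any participant's post. It is meant for the Exchange Management Shell in the Exchange forest; the function name Get-DelegateWriteAce is hypothetical, and the loose matching on property names is an assumption about how the shell renders them.

```powershell
# Added example (not from the thread). Lists the ACEs on the mailbox's AD object
# that could let a trustee write the delegate list, including Deny entries.
function Get-DelegateWriteAce {
    param(
        [string]$Mailbox = 'BillGates',
        # Trustees to inspect: SELF and the linked account named in the thread.
        [string[]]$Trustee = @('NT AUTHORITY\SELF', 'Domain\BillGates')
    )
    foreach ($t in $Trustee) {
        Get-ADPermission -Identity $Mailbox -User $t |
            Where-Object {
                $rights = "$($_.AccessRights)"
                # Strip hyphens so that "publicDelegates", "ms-Exch-Public-Delegates"
                # and "Personal-Information" all match (assumed renderings).
                $props = "$($_.Properties)" -replace '-', ''
                ($rights -match 'WriteProperty|GenericWrite|GenericAll') -and
                # An ACE with no property list applies to every property.
                (($props -eq '') -or ($props -match 'publicDelegates|PersonalInformation'))
            } |
            Select-Object User, Deny, IsInherited,
                @{Name = 'Rights';     Expression = { "$($_.AccessRights)" }},
                @{Name = 'Properties'; Expression = { "$($_.Properties)" }}
    }
}

# No rows for a trustee means it holds no write ACE covering the delegate list.
# A row with Deny = True is a deny entry for that trustee and should be reviewed.
Get-DelegateWriteAce -Mailbox BillGates | Format-Table -AutoSize
```

Running it before and after an Add-ADPermission change shows exactly which ACE was added and whether it is explicit or inherited.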
ASKER
Ok, managed to get it to work by running this command:
Add-ADPermission -identity BillGates -user Domain\BillGates -properties:publicDelegates -AccessRights:WriteProperty
No idea how though!!
Can anyone explain?
The information store caches permissions for 2 hours before they apply. The immediate option would be a restart of the store, which would bring the permission into effect ASAP.
Maybe the earlier permission didn't propagate properly and now it has.
ASKER
Ah ok. Out of interest do
Add-ADPermission -identity BillGates -user Domain\BillGates -properties:publicDelegates -AccessRights:WriteProperty
and
Add-ADPermission -identity BillGates -user "NT AUTHORITY\SELF" -properties:publicDelegates -AccessRights:WriteProperty
do the same thing?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
You wrote that you received the error:
"The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object"
Do you have enough permissions to change the CIO's mailbox send-on-behalfs?
You might try executing the command as administrator or as the CIO user, hoping that it will grant you sufficient permissions.
I hope it helps.