Solved

removing "send on behalf" in outlook

Posted on 2011-03-15
Last Modified: 2012-05-11
I have an employee (B) that opens her boss's (A) email, and responds from A's email.  When an email is sent out, it states B sent on behalf of A.  I have researched this problem, and found this:

Exchange administrator instructions to enable Send As permissions
In Microsoft Windows Server 2003, open Active Directory Users and Computers.
On the View menu, click Advanced Features.
Under the domain node, click Users.
Open the user account that you want to add Send As permissions to.
On the Security tab, click Add.
In the Enter the object names to select box, type the display name or user name of the person to whom you want to grant Send As permissions. Multiple users can be added by separating each entry with a semicolon.
Click OK.
In the Permissions list, click Send As, and then select the Allow check box.

The problem is that after about 5 minutes, the setting disappears from AD.  I look at the list and B is not in there anymore.  I recreate the entry, checking Allow Send As, click Apply and OK.  I close it, look back a minute later and it is still there, but after about 5 minutes, the entry disappears.  I have added this both on our Exchange 2003 server in AD, and at the DC, both with the same disappearing results!  How do I get this to stay?

Thanks in advance!
Question by:RDCit
2 Comments
 
Accepted Solution

by:
Raheman M. Abdul earned 500 total points
ID: 35141470
From:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21320544.html?sfQueryTermInfo=1+10+30+behalf+send+stai

Referring links:
   http://groups-beta.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/bb5c4bdce0b14735/2a20f9e5fd127328?q=mucklo#2a20f9e5fd127328

and that link references 2 KBs:  http://support.microsoft.com/?id=318180

and http://support.microsoft.com/?id=817433

Solution:
"Hey there.  I think we fixed it finally.  In one of those KBs, it mentions the AdminSDHolder thread that runs and resets permissions on the hour for members of protected groups.  But, group membership is transitive.  So even if a user isn't in a protected group explicitly, if the user is in a group that is in a protected group, the thread will run on that user.  In our case, the Domain Users group was a member of the protected Print Operators group.  After removing Domain Users from Print Operators, the permissions stopped disappearing."


Hope this helps your issue

Expert Comment

by:Raheman M. Abdul
ID: 35141518
One solution: It will be fixed if you remove the Print Operators from the Protected Group.

Details: Step by step

Source: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26176874.html

This is from TechNet.

With the query below you can locate the protected group the user is in and/or which accounts are protected. Then you can remove them from this group.

http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx


Determining Whether a Security Principal Is Protected by AdminSDHolder

A fairly large number of default users and groups are protected by AdminSDHolder. One thing to keep in mind is that users are protected by AdminSDHolder if they have direct or transitive membership in a security or distribution group. Distribution groups are included because a distribution group can be converted to a security group.

Let's say a user belongs to a distribution list called Canada IT. The Canada IT DL is a member of the North American IT security group; the North American IT security group is a member of the Administrators group. Because the user's transitive group membership includes the Administrators group (by virtue of group nesting), the user's account is protected by AdminSDHolder.

There's an easy way to determine which users and groups AdminSDHolder protects in your domain. You can query the adminCount attribute to determine whether an object is protected by the AdminSDHolder object. The following examples use the ADFind.exe tool, which can be downloaded from joeware.net.

To find all objects in a domain that are protected by AdminSDHolder, type:

    Adfind.exe -b DC=domain,DC=com -f "adminCount=1" DN

To find all user objects in a domain that are protected by AdminSDHolder, type:

    Adfind.exe -b DC=domain,DC=com -f "(&(objectcategory=person)(objectclass=user)(admincount=1))" DN

To find all groups in a domain that are protected by AdminSDHolder, type:

    Adfind.exe -b DC=domain,DC=com -f "(&(objectclass=group)(admincount=1))" DN

Note: In the preceding examples, replace DC=domain,DC=com with the distinguished name of your domain.
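
The adminCount queries above show which accounts are protected, but not which nesting chain causes it. The following is an added example, not code from the original posts or the TechNet article: it walks one user's group membership upward and reports every chain that reaches a group flagged adminCount=1. It assumes PowerShell 3.0 or later with the RSAT ActiveDirectory module and a domain controller running Active Directory Web Services; the function name Get-ProtectedGroupPath and the account name in the usage comment are hypothetical.

```powershell
Import-Module ActiveDirectory

function Get-ProtectedGroupPath {
    param(
        [Parameter(Mandatory = $true)]
        [string] $SamAccountName      # account to explain (hypothetical input)
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount, MemberOf, PrimaryGroup

    # memberOf never lists the primary group (normally Domain Users), so add it
    # explicitly. In the quoted solution the chain ran through Domain Users.
    $queue = New-Object System.Collections.Queue
    foreach ($dn in @($user.MemberOf) + $user.PrimaryGroup) {
        if ($dn) { $queue.Enqueue(@{ DN = $dn; Path = $user.SamAccountName }) }
    }

    $seen = @{}
    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        if ($seen.ContainsKey($item.DN)) { continue }   # guard against circular nesting
        $seen[$item.DN] = $true

        $group = Get-ADGroup -Identity $item.DN -Properties adminCount, MemberOf
        $path  = "$($item.Path) -> $($group.Name)"

        # adminCount=1 means SDProp has stamped this group as protected.
        # The attribute is not cleared when membership is later removed,
        # so confirm the group is still nested where the path says it is.
        if ($group.adminCount -eq 1) {
            [pscustomobject]@{
                User           = $user.SamAccountName
                UserAdminCount = $user.adminCount
                FlaggedGroup   = $group.Name
                Path           = $path
            }
        }

        # Continue upward: groups can themselves be members of other groups.
        foreach ($parent in $group.MemberOf) {
            $queue.Enqueue(@{ DN = $parent; Path = $path })
        }
    }
}

# Usage (account name is a placeholder):
# Get-ProtectedGroupPath -SamAccountName 'userA' | Format-Table -AutoSize
```

For the scenario in the accepted solution, the expected output would include a path of the form `userA -> Domain Users -> Print Operators`, which identifies the nesting link to remove.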