Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

removing "send on behalf" in outlook

Posted on 2011-03-15
2
Medium Priority
?
633 Views
Last Modified: 2012-05-11
I have an employee (B) that opens her bosses (A) email, and responds from A's email.  When an email is sent out, it states B send on behalf of A.  I have researched this problem, and found this:

Exchange administrator instructions to enable Send As permissions
In Microsoft Windows Server 2003, open Active Directory Users and Computers.
On the View menu, click Advanced Features.
Under the domain node, click Users.
Open the user account that you want to add Send As permissions to.
On the Security tab, click Add.
In the Enter the object names to select box, type the display name or user name of the person to whom you want to grant Send As permissions. Multiple users can be added by separating each entry with a semicolon.
Click OK.
In the Permissions list, click Send As, and then select the Allow check box.

The problem is, that after about 5 minutes, the setting disapear from AD.  I look at the list and B is not in there anymore.  I recreate the entry, checking allow send as, click apply and ok.  close it, look back a minute later and it is still there, but after about 5 minutes, then entry disapears.  I have added this both on our exchange 2003 server in AD, and at the DC, both with the same disapearing results!  How do I get this to stay?

Thanks in advance!
0
Comment
Question by:RDCit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 2000 total points
ID: 35141470
From:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21320544.html?sfQueryTermInfo=1+10+30+behalf+send+stai

Referring links:
   http://groups-beta.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/bb5c4bdce0b14735/2a20f9e5fd127328?q=mucklo#2a20f9e5fd127328

and that link references 2 KBs:  http://support.microsoft.com/?id=318180

and http://support.microsoft.com/?id=817433

Solution:
"Hey there.  I think we fixed it finally.  In one of those KBs, it mentions the AdminSDHolder thread that runs and resets permissions on the hour for members of protected groups.  But, group membership is transitive.  So even if a user isn't in a protected group explicitly, if the user is in a group that is in a protected group, the thread will run on that user.  In our case, the Domain Users group was a member of the protected Print Operators group.  After removing Domain Users from Print Operators, the permissions stopped disappearing."


Hope this helps your issue
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 35141518
One solution: It will fix if you remove the Print Operators from the Protected Group.

Details: Step by step

Source: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26176874.html

this is from technet

with the below query you can locate the protected group the user is in and or which accounts are protected. then you can remove them from this group.

http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx


Determining Whether a Security Principal Is Protected by AdminSDHolder

A fairly large number of default users and groups are protected by AdminSDHolder. One thing to keep in mind is that users are protected by AdminSDHolder if they have direct or transitive membership in a security or distribution group. Distribution groups are included because a distribution group can be converted to a security group.

Let's say a user belongs to a distribution list called Canada IT. The Canada IT DL is a member of the North American IT security group; the North American IT security group is a member of the Administrators group. Because the user's transitive group membership includes the Administrators group (by virtue of group nesting), the user's account is protected by AdminSDHolder.

There's an easy way to determine which users and groups AdminSDHolder protects in your domain. You can query the adminCount attribute to determine whether an object is protected by the AdminSDHolder object. The following examples use the ADFind.exe tool, which can be downloaded from joeware.net.

To find all objects in a domain that are protected by AdminSDHolder, type:
Copy Code Adfind.exe -b DC=domain,DC=com -f "adminCount=1" DN
To find all user objects in a domain that are protected by AdminSDHolder, type:
Copy Code Adfind.exe -b DC=domain,DC=com -f "(&(objectcategory=person)(objectclass=user)(admincount=1))" DN
To find all groups in a domain that are protected by AdminSDHolder, type:
Copy Code Adfind.exe -b DC=domain,DC=com -f "(&(objectclass=group)(admincount=1))" DN

Note: In the preceding examples, replace DC=domain,DC=com with the distinguished name of your domain
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question