How do I grant users Full Access and Send As permission at the same time in Exchange 2010

ThereIsNoSpoon used Ask the Experts™

I've been working on this for a few days now, and I have given up...

We have a "public" e-mail address: This e-mail address is the primary e-mail address of an AD account named "Customer Service".

I need people in customer service to be able to view incoming e-mails, and reply back to the customers using the "Customer Service" account as the sender.

I have added a few users using the "Manage Send As permission..." in the Exchange MMC. These users can now send e-mails as the "Customer Service" account. But they do not see any new e-mails arriving in the "Customer Service" mailbox.

If I grant them "Full Access Permission" they can see e-mails and if I grant them Send As permissions additionally, they can also send as "Customer Service", but after some time, the Send As permissions disappear (I assume it's the AdminSDHolder that cleans up).

I think this is a pretty common scenario - having multiple people managing a customer support mailbox so there must be an easy way to accomplish this simple task.

Thanks for any help or directions.

Are these people members of the "Customer Service" group?


No. The users that should access and send from the "Customer Service" account are only members of "Domain Users" - that's it.

Please create a new domain user account and run the below commands to grant permission.
Add-MailboxPermission -Identity <Mailbox name> -User TedBrem -AccessRights Fullaccess -InheritanceType all
Add-ADPermission <Mailbox name> -User "Domain\User" -Extendedrights "Send As"

This will help us to narrow down further. If the new account does not have any issue, then we have to check the DL that you are using. If the new account also has the issue, then we have to check for any GPO or inheritance.

Then "Customer Service" is a user account, not a group? If so, then create a new group, let's say "Customer Service group".

Forward all emails sent to the "Customer Service" user account to that group and add all users (you want) to the group.


@KSK2000: I created a new account named "New Customer Service" and granted Full access rights + Send As rights to the user DOMAIN\BD (me) as you described.
However, I cannot open the folders from within Outlook when I add the Mailbox to my Profile. ("The set of folders cannot be opened. You do not have permission to log on".)
This is possible on the old "Customer Service" user.

@Sulimanw: "Customer Service" is a real user account. I can create a DL that sends the same e-mail to the relevant users, but I want a single mailbox that holds all the incoming e-mails to avoid having the e-mails spread out on every person's individual mailbox.

Please check what permission domain\BD has on the mailbox. You can use Get-MailboxPermission and Get-ADPermission to check the permission.

Found it!

All user(s) in question were members of Domain Users which is not a protected group.

However, after looking closely at the memberships, I found that Domain Users was a member of Print Operators. Print Operators is a protected group in Windows Server 2008 and therefore the AdminSDHolder object forces the AD Service to remove my users from my Customer Service account.

After removing Domain Users from Print Operators, the permissions stay untouched.


Took forever to reach this simple conclusion :)
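
A check for the situation described in the accepted answer, as an added example that is not part of the original thread: it reports whether a mailbox account is pulled into a protected group through nesting or its primary group, and whether AdminSDHolder has already stamped it. It assumes the ActiveDirectory module (RSAT) is available; the function name and the 'CustomerService' account name are placeholders.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT).
# 'CustomerService' below is a placeholder sAMAccountName.
Import-Module ActiveDirectory

function Test-AdminSDHolderExposure {
    param([Parameter(Mandatory=$true)][string]$Identity)

    $domainSid = (Get-ADDomain).DomainSID.Value

    # Subset of the groups protected by AdminSDHolder, keyed by well-known SID.
    # Forest-root groups (Schema Admins, Enterprise Admins) are left out here.
    $protected = @{
        'S-1-5-32-544'     = 'Administrators'
        'S-1-5-32-548'     = 'Account Operators'
        'S-1-5-32-549'     = 'Server Operators'
        'S-1-5-32-550'     = 'Print Operators'
        'S-1-5-32-551'     = 'Backup Operators'
        'S-1-5-32-552'     = 'Replicator'
        "${domainSid}-512" = 'Domain Admins'
        "${domainSid}-516" = 'Domain Controllers'
    }

    # tokenGroups is computed by the DC: it already expands nested groups and
    # includes the primary group (Domain Users), which memberOf does not list.
    $user = Get-ADUser -Identity $Identity `
                -Properties adminCount, tokenGroups, nTSecurityDescriptor

    $hits = @($user.tokenGroups |
              ForEach-Object { $_.Value } |
              Where-Object   { $protected.ContainsKey($_) } |
              ForEach-Object { $protected[$_] })

    New-Object PSObject -Property @{
        Account             = $user.SamAccountName
        ProtectedGroups     = ($hits -join ', ')
        # adminCount = 1 means AdminSDHolder has stamped the account.
        AdminCount          = $user.adminCount
        # True means inheritance is blocked on the account's ACL.
        InheritanceDisabled = $user.nTSecurityDescriptor.AreAccessRulesProtected
    }
}

Test-AdminSDHolderExposure -Identity 'CustomerService'
```

An account that lists any protected group here has its ACL overwritten from the AdminSDHolder template on each pass, which drops hand-added Send As entries. After the nesting is removed, adminCount and the blocked inheritance are not reverted automatically, so both are worth rechecking on the account.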
