Exchange 2010 send on behalf of distribution group

Posted on 2011-09-26
Last Modified: 2012-05-12
I used to be able to send from a distribution group when we had Exchange 2003, these groups have worked since we have upgraded to Exchange 2010. However if we have needed to amend the group details then we have had to change the group from 'Mail Non-Universal' to 'Mail Universal Distribution'

There are to groups in particular which are not behaving the same since being converted to 'Mail Universal Distribution'.

accounts@domainname and support@domainname I can send from the support address but not from the accounts one this has only happened since changing the account group to the 'Mail Universal Distribution' last week. The support group was a long time before that and works fine.

When I try to send a massage as accounts I get this message…

Delivery has failed to these recipients or groups:
You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:

Generating server:
#MSEXCH:MSExchangeIS:/DC=local/DC=DOMAIN:SERVER[578:0x000004DC:0x0000001D] #SMTP#
Question by:Fubschuk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 49

Accepted Solution

Akhater earned 500 total points
ID: 36708222
open ADUC -> View Advanced Features -> find the group -> RIght click properties -> security

ad the user and give it sendas permission

Author Comment

ID: 36708437
Already tried that, but no sucsess. the support@domainname has sendas ticked for 'Authenticated Users' and I have tried the same with the accounts@domainname but this didn't work. I have also added myself to the group in ADUC and tried adding the sendas and even giving full permission but still no joy.

Any other ideas
LVL 29

Expert Comment

ID: 36716920
I'm not convinced that it can be done really.  I probably would have just said "You can't".   A Distrib Group is not a User Account, and more importantly it does not have a mailbox, and I think that makes a difference.   When mail comes in to a Distrib Group the Distrib Group does not hold it because there is no where to hold it,...all it does is re-associate the message with the multiple mailboxes of the Group's Members.  Now you could set the "send on behalf of" toward one of the Group's Members individually, but not the group.

The whole thing is a waste of time anyway.  It is still going to show coming from the user that really sent it anyway.  If the user sending is JSmith then the message they send is going to say  From: JSmith on behalf of DistribGroup.  There are obvious legal reasons for this, prevents fraudulent emails be sent from one person but disguised as someone else.  For example an employee of the company gets "send on behalf" of rights against the company's CEO, the employee sends the message "on behalf of" the CEO to the Mayor and Chief of Police and flames them calling them every name in the book in an attempt to cause the CEO grief.  The behavior of Exchange prevents this from happening.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 49

Expert Comment

ID: 36716946
sorry I missed your reply, please try sending from OWA and not from outlook see if there is a difference in the behavior

to pwindell, it can be done 100%

Author Comment

ID: 36717006
SEND AS is working now, must have be propagation delay from AD with the security settings.
LVL 49

Expert Comment

ID: 36717047
it is not a propagation delay rather the time needed for your outlook to get the new OAB (offline address book) that's why I asked you to try from OWA

thanks for the updates and the points
LVL 29

Expert Comment

ID: 36717115
Very good.
So it is possible after all.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question