Solved

How to allow a user to send email from another user via the server

Posted on 2012-04-02
6
308 Views
Last Modified: 2012-04-02
A user is on holiday and someone else is monitoring his account.  When the new user tries to send an email from the abscent users mailbox he gets an error as he does have the correct permissions.  How do I change this setting from the server console?

Thanks, David
0
Comment
Question by:djemanuel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 75 total points
ID: 37796305
You will require to give him Send As permission.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796307
0
 

Author Comment

by:djemanuel
ID: 37796328
Ah, I have done this already, perhaps I just need to wait for a replication.  Do you know how frequently they run?

Thanks, David
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796348
depends upon the link and location of your DC's.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 37796358
That all depends on how you want the messages to be "perceived". There are two methods, each requiring slightly different permissions.

Send As allows the user to impersonate the person who is on holiday without any mention in the emails that it is really the covering user sending those messages. This is good when a Shared Mailbox is in use, but companies don't tend to like it when one user is covering another user. To add Send-As permissions, you can do it at the Exchange Management Shell: get-mailbox <the user on holiday> | add-adpermission -user DOMAIN\<username of covering user> -accessright extendedright -extendedrights send-as
Send on Behalf is the preferred method for these scenarios in most institutions. It is a lesser permission from a political perspective. This provides some accountability, because all messages are signed as <Covering User> on behalf of <User on Holiday>. Thus, recipients are aware who has really sent the message and the user on holiday is protected - covering user cannot impersonate him. Ultimately, it's a trust thing, but it's important to get it right. Send on behalf rights can be added by editing the user properties in the Management Console, or again, at the shell: Set-Mailbox <Holiday User> -GrantSendOnBehalfTo <Covering User>

All permissions changes are likely to take some time to take effect, especially if the user has tried and received failures, as the 'failed' permission will be cached internally for some time.

-Matt
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 75 total points
ID: 37796391
David,

The change will replicate around the local AD site immediately by intra-site replication, so if you made the change in the same site as this user's Exchange mailbox is stored, chances are it's going to be on those DCs already. It's the internal caching in Exchange which will be more likely to cause delays for you. By default, Exchange will cache permissions like mailbox access and send as/on behalf rights for up to 4 hours. This is primarily to reduce load on AD by preventing Exchange checking with a DC every time a user performs an action.

Now, since your user has already tried to send and received a failure, Exchange will be caching a set of permissions which do not give the user the Send-As rights and will refer to these each time he tries to do so. Until that cache is refreshed, the user is going to be unable to exercise their send-as/-on-behalf rights, even if the permissions are correct in AD.

You could start restarting certain services, which will clear caches, but this will also take your mail environment offline for a period of time.

It's generally best just to wait.

-Matt
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question