How to allow a user to send email from another user via the server

A user is on holiday and someone else is monitoring his account.  When the new user tries to send an email from the abscent users mailbox he gets an error as he does have the correct permissions.  How do I change this setting from the server console?

Thanks, David
djemanuelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
You will require to give him Send As permission.
0
djemanuelAuthor Commented:
Ah, I have done this already, perhaps I just need to wait for a replication.  Do you know how frequently they run?

Thanks, David
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

AnuroopsunddCommented:
depends upon the link and location of your DC's.
0
tigermattCommented:
That all depends on how you want the messages to be "perceived". There are two methods, each requiring slightly different permissions.

Send As allows the user to impersonate the person who is on holiday without any mention in the emails that it is really the covering user sending those messages. This is good when a Shared Mailbox is in use, but companies don't tend to like it when one user is covering another user. To add Send-As permissions, you can do it at the Exchange Management Shell: get-mailbox <the user on holiday> | add-adpermission -user DOMAIN\<username of covering user> -accessright extendedright -extendedrights send-as
Send on Behalf is the preferred method for these scenarios in most institutions. It is a lesser permission from a political perspective. This provides some accountability, because all messages are signed as <Covering User> on behalf of <User on Holiday>. Thus, recipients are aware who has really sent the message and the user on holiday is protected - covering user cannot impersonate him. Ultimately, it's a trust thing, but it's important to get it right. Send on behalf rights can be added by editing the user properties in the Management Console, or again, at the shell: Set-Mailbox <Holiday User> -GrantSendOnBehalfTo <Covering User>

All permissions changes are likely to take some time to take effect, especially if the user has tried and received failures, as the 'failed' permission will be cached internally for some time.

-Matt
0
tigermattCommented:
David,

The change will replicate around the local AD site immediately by intra-site replication, so if you made the change in the same site as this user's Exchange mailbox is stored, chances are it's going to be on those DCs already. It's the internal caching in Exchange which will be more likely to cause delays for you. By default, Exchange will cache permissions like mailbox access and send as/on behalf rights for up to 4 hours. This is primarily to reduce load on AD by preventing Exchange checking with a DC every time a user performs an action.

Now, since your user has already tried to send and received a failure, Exchange will be caching a set of permissions which do not give the user the Send-As rights and will refer to these each time he tries to do so. Until that cache is refreshed, the user is going to be unable to exercise their send-as/-on-behalf rights, even if the permissions are correct in AD.

You could start restarting certain services, which will clear caches, but this will also take your mail environment offline for a period of time.

It's generally best just to wait.

-Matt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.