Solved

How to allow a user to send email from another user via the server

Posted on 2012-04-02
6
307 Views
Last Modified: 2012-04-02
A user is on holiday and someone else is monitoring his account.  When the new user tries to send an email from the abscent users mailbox he gets an error as he does have the correct permissions.  How do I change this setting from the server console?

Thanks, David
0
Comment
Question by:djemanuel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 75 total points
ID: 37796305
You will require to give him Send As permission.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796307
0
 

Author Comment

by:djemanuel
ID: 37796328
Ah, I have done this already, perhaps I just need to wait for a replication.  Do you know how frequently they run?

Thanks, David
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796348
depends upon the link and location of your DC's.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 37796358
That all depends on how you want the messages to be "perceived". There are two methods, each requiring slightly different permissions.

Send As allows the user to impersonate the person who is on holiday without any mention in the emails that it is really the covering user sending those messages. This is good when a Shared Mailbox is in use, but companies don't tend to like it when one user is covering another user. To add Send-As permissions, you can do it at the Exchange Management Shell: get-mailbox <the user on holiday> | add-adpermission -user DOMAIN\<username of covering user> -accessright extendedright -extendedrights send-as
Send on Behalf is the preferred method for these scenarios in most institutions. It is a lesser permission from a political perspective. This provides some accountability, because all messages are signed as <Covering User> on behalf of <User on Holiday>. Thus, recipients are aware who has really sent the message and the user on holiday is protected - covering user cannot impersonate him. Ultimately, it's a trust thing, but it's important to get it right. Send on behalf rights can be added by editing the user properties in the Management Console, or again, at the shell: Set-Mailbox <Holiday User> -GrantSendOnBehalfTo <Covering User>

All permissions changes are likely to take some time to take effect, especially if the user has tried and received failures, as the 'failed' permission will be cached internally for some time.

-Matt
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 75 total points
ID: 37796391
David,

The change will replicate around the local AD site immediately by intra-site replication, so if you made the change in the same site as this user's Exchange mailbox is stored, chances are it's going to be on those DCs already. It's the internal caching in Exchange which will be more likely to cause delays for you. By default, Exchange will cache permissions like mailbox access and send as/on behalf rights for up to 4 hours. This is primarily to reduce load on AD by preventing Exchange checking with a DC every time a user performs an action.

Now, since your user has already tried to send and received a failure, Exchange will be caching a set of permissions which do not give the user the Send-As rights and will refer to these each time he tries to do so. Until that cache is refreshed, the user is going to be unable to exercise their send-as/-on-behalf rights, even if the permissions are correct in AD.

You could start restarting certain services, which will clear caches, but this will also take your mail environment offline for a period of time.

It's generally best just to wait.

-Matt
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question