Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to allow a user to send email from another user via the server

Posted on 2012-04-02
6
Medium Priority
?
318 Views
Last Modified: 2012-04-02
A user is on holiday and someone else is monitoring his account.  When the new user tries to send an email from the abscent users mailbox he gets an error as he does have the correct permissions.  How do I change this setting from the server console?

Thanks, David
0
Comment
Question by:djemanuel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 17

Assisted Solution

by:Anuroopsundd
Anuroopsundd earned 300 total points
ID: 37796305
You will require to give him Send As permission.
0
 

Author Comment

by:djemanuel
ID: 37796328
Ah, I have done this already, perhaps I just need to wait for a replication.  Do you know how frequently they run?

Thanks, David
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796348
depends upon the link and location of your DC's.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 37796358
That all depends on how you want the messages to be "perceived". There are two methods, each requiring slightly different permissions.

Send As allows the user to impersonate the person who is on holiday without any mention in the emails that it is really the covering user sending those messages. This is good when a Shared Mailbox is in use, but companies don't tend to like it when one user is covering another user. To add Send-As permissions, you can do it at the Exchange Management Shell: get-mailbox <the user on holiday> | add-adpermission -user DOMAIN\<username of covering user> -accessright extendedright -extendedrights send-as
Send on Behalf is the preferred method for these scenarios in most institutions. It is a lesser permission from a political perspective. This provides some accountability, because all messages are signed as <Covering User> on behalf of <User on Holiday>. Thus, recipients are aware who has really sent the message and the user on holiday is protected - covering user cannot impersonate him. Ultimately, it's a trust thing, but it's important to get it right. Send on behalf rights can be added by editing the user properties in the Management Console, or again, at the shell: Set-Mailbox <Holiday User> -GrantSendOnBehalfTo <Covering User>

All permissions changes are likely to take some time to take effect, especially if the user has tried and received failures, as the 'failed' permission will be cached internally for some time.

-Matt
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 300 total points
ID: 37796391
David,

The change will replicate around the local AD site immediately by intra-site replication, so if you made the change in the same site as this user's Exchange mailbox is stored, chances are it's going to be on those DCs already. It's the internal caching in Exchange which will be more likely to cause delays for you. By default, Exchange will cache permissions like mailbox access and send as/on behalf rights for up to 4 hours. This is primarily to reduce load on AD by preventing Exchange checking with a DC every time a user performs an action.

Now, since your user has already tried to send and received a failure, Exchange will be caching a set of permissions which do not give the user the Send-As rights and will refer to these each time he tries to do so. Until that cache is refreshed, the user is going to be unable to exercise their send-as/-on-behalf rights, even if the permissions are correct in AD.

You could start restarting certain services, which will clear caches, but this will also take your mail environment offline for a period of time.

It's generally best just to wait.

-Matt
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question