Solved

Exchange 2007 Send As doesn't work

Posted on 2013-01-14
Last Modified: 2013-02-16
Hi

I have a problem with a send as permission in Exchange 2007. It just doesn't work.
So far I tried to do it in 3 ways:

1 and 2
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22575495.html

I did it in AD U&C and when I checked after some time, it just dissipated.

When I tried to run a shell command, I've got:

Add-ADPermission : Extended right "SendAs" was not found. Please make sure you
have typed it correctly.
At line:1 char:17
+ Add-ADPermission <<<<  "yyy" -User "domain\xxx" -Extendedrights SendAs
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-ADPermission], Mana
   gementObjectNotFoundException
    + FullyQualifiedErrorId : 2D7E220F,Microsoft.Exchange.Management.Recipient
   Tasks.AddADPermission

where yyy is the mailbox I want the other user to be able to send-as and domain\xxx is the user who will be sending as.

3 Obviously, the first thing I tried before doing 1 and 2 was just right-clicking the mailbox in Exchange Management Console and choosing 'Manage Send As Permission'. That didn't work, and I'm pretty sure that what I set there will disappear too (I'm not 100% sure, so I will monitor it again now).
Question by:tp-it-team
23 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38773875
Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"

http://technet.microsoft.com/en-us/library/bb124403(v=EXCHG.80).aspx

- Rancy

Author Comment

by:tp-it-team
ID: 38773892
Is there any specific time I should wait for it to start working ?

Author Comment

by:tp-it-team
ID: 38773921
Thanks! It worked.

Author Comment

by:tp-it-team
ID: 38774015
OK, I just double checked and it worked for one user and didn't for other.
Users are in the same department, their accounts should have exactly the same permissions. Any idea ?
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38774196
Ideally it could be a cache issue or replication delay, as this is an AD attribute, so you might have to wait sometimes .... Can you ensure that once you run the command, Exchange shows SendAs?

- Rancy

Author Comment

by:tp-it-team
ID: 38774276
Where exactly ?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38782750
If the permission is being removed, then you are probably trying to add the permission to a member or previous member of a protected group. This includes Domain Admins. That behaviour is by design. Exchange will remove permissions granted to protected group members.

Simon.

Author Comment

by:tp-it-team
ID: 38783026
That's interesting, I'm trying to set it up for the user without any admin privileges and I'm pretty sure that user never was a member of any administrative group.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785200
This is what is happening.
http://support.microsoft.com/kb/907434

Simon.

Author Comment

by:tp-it-team
ID: 38806475
The users I'm talking about are not members of protected groups, and I'm not sure if I read it right, but this article talks about the situation where Exchange 5.5 is in use.

It is possible (but I'm not 100% sure) that these users were members of protected groups; if YES, it was a long time ago.
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38806991
Ideally only a few default users should be members of protected groups, as they have to have some default permissions assigned

- Rancy
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38807664
Even if they were a member of a protected group a long time ago, this would still be an issue as there is an entry written on the account that indicates it is a member which is not removed when you take away the group members.

The change has nothing to do with Exchange 5.5 - it was introduced with Exchange 2003 SP2 plus an update.

Simon.

Author Comment

by:tp-it-team
ID: 38832213
Is there any way to stop it for users who WERE members of the protected groups in the past ?
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38832278
Shouldn't matter if they aren't as of today

- Rancy

Author Comment

by:tp-it-team
ID: 38832305
Yet, send as permission for these users is removed after a short while.
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 200 total points
ID: 38832359
Is there some group that is part of a protected group, and are these users part of that?

- Rancy
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835419
You need to check if the 'adminCount' value is still set to 1. If it is, then the permissions will still be removed. You need to change it to 0 to stop that from happening. You can do that through ADUC on the Attributes tab.

Simon.

Author Comment

by:tp-it-team
ID: 38840227
I'm not sure what it means, but I checked 10 random, non-admin users, and all of them have that value set to 1.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38842697
That means they either were, or are a member of a protected group.
That could be Domain Admins, Administrators, Power users etc. It should be set to "not set".

Simon.

Author Comment

by:tp-it-team
ID: 38843957
Well, I don't really think that's the case. 100-200 users, including temps being members of admin groups at some point? No. That must be something else.
I created many of these users and I'm ABSOLUTELY sure they were not members of any privileged groups, yet they have adminCount set to 1.
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 300 total points
ID: 38844093
They could have been members of a group that was a member of a protected group.
I have seen all sorts of odd configurations in my time.

The bottom line is that the setting is there, and that is what is causing your problem. It needs to be removed.

This article from fellow Exchange MVP Michael B Smith explains more:
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

Simon.
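
An added example, not part of the original thread: a read-only audit that lists accounts with adminCount set to 1 that are no longer direct or nested members of a protected group, which is the situation the accepted answer describes. The group list, PowerShell 2.0 or later, and domain controllers that support the LDAP_MATCHING_RULE_IN_CHAIN filter are assumptions.

```powershell
# Added example: read-only audit, makes no changes. Assumes PowerShell 2.0+ and a
# domain-joined host. The group list is an assumption; adjust it for your domain.
$protectedNames = 'Domain Admins','Enterprise Admins','Schema Admins','Administrators',
                  'Account Operators','Server Operators','Backup Operators','Print Operators'

$rootDse = [ADSI]'LDAP://RootDSE'
$domain  = [ADSI]("LDAP://" + $rootDse.defaultNamingContext)

# Resolve each protected group to its DN (Builtin groups sit under the same domain NC).
$groupDNs = foreach ($name in $protectedNames) {
    $gs = New-Object System.DirectoryServices.DirectorySearcher($domain,
              "(&(objectCategory=group)(sAMAccountName=$name))")
    $g = $gs.FindOne()
    if ($g) { $g.Properties['distinguishedname'][0] }
}

# 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: matches nested membership,
# i.e. "member of a group that is a member of a protected group".
# Primary-group membership is not stored in memberOf and is not covered here.
$clauses     = $groupDNs | ForEach-Object { "(memberOf:1.2.840.113556.1.4.1941:=$_)" }
$chainFilter = '(|' + ($clauses -join '') + ')'

$users = New-Object System.DirectoryServices.DirectorySearcher($domain,
             '(&(objectCategory=person)(objectClass=user)(adminCount=1))')
$users.PageSize = 500

$report = foreach ($hit in $users.FindAll()) {
    $entry = $hit.GetDirectoryEntry()

    # Base-scope search on the user itself: a hit means it is still protected today.
    $check = New-Object System.DirectoryServices.DirectorySearcher($entry, $chainFilter)
    $check.SearchScope = [System.DirectoryServices.SearchScope]::Base
    $stillProtected = [bool]$check.FindOne()

    New-Object PSObject -Property @{
        User               = [string]$hit.Properties['samaccountname'][0]
        StillInProtected   = $stillProtected
        # True = ACL inheritance is blocked on this object, as SDProp leaves it
        InheritanceBlocked = $entry.psbase.ObjectSecurity.AreAccessRulesProtected
    }
}

# Stale flags: adminCount=1 but no current (nested) protected-group membership.
$report | Where-Object { -not $_.StillInProtected } |
    Sort-Object User | Format-Table User, InheritanceBlocked -AutoSize
```

Accounts listed with InheritanceBlocked set to True keep the restricted ACL even after adminCount is cleared, so inheritance has to be re-enabled on them as well before a Send As grant will persist.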

Author Closing Comment

by:tp-it-team
ID: 38896358
Excellent work guys, I have it sorted now. Sorry it took so long.