?
Solved

Exchange 2007 Send As doesnt work

Posted on 2013-01-14
23
Medium Priority
?
785 Views
Last Modified: 2013-02-16
Hi

I have a problem with a send as permission in Exchange 2007. It just doesn't work.
So far I tried to do it in 3 ways:

1 and 2
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22575495.html

I did it in AD U&C and when I checked after some time, it just dissipated.

When I tried to run a shell command, I've got:

Add-ADPermission : Extended right "SendAs" was not found. Please make sure you
have typed it correctly.
At line:1 char:17
+ Add-ADPermission <<<<  "yyy" -User "domain\xxx" -Extendedrights SendAs
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-ADPermission], Mana
   gementObjectNotFoundException
    + FullyQualifiedErrorId : 2D7E220F,Microsoft.Exchange.Management.Recipient
   Tasks.AddADPermission

where yyy is the mailbox I want the other user to be able to send-as and domain\xxx is the user who will be sending as.

3 Obviously, first thing I tried before doing 1 and 2 was just right-clicking the mailbox in Exchange Management Console and choosing 'Manage Send As Permission' that didn't work and I'm pretty sure that what I set there will disappear too (I'm not 100% sure so I will monitor it again now).
0
Comment
Question by:tp-it-team
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 6
  • 5
23 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38773875
Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"

http://technet.microsoft.com/en-us/library/bb124403(v=EXCHG.80).aspx

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38773892
Is there any specific time I should wait for it to start working ?
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38773921
Thanks! It worked.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:tp-it-team
ID: 38774015
OK, I just double checked and it worked for one user and didn't for other.
Users are in the same department, their accounts should have exactly the same permissions. Any idea ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38774196
Ideally it could be cache issue or replication delay as this is a AD attribute so might have to wait sometimes .... can you ensure that once you run the command Exchange shows SendAS ?

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38774276
Where exactly ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38782750
If the permission is being removed, then you are probably trying to add the permission to a member or previous member of a protected group. This includes Domain Admins. That behaviour is by design. Exchange will remove permissions granted to protected group members.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38783026
That's interesting, I'm trying to set it up for the user without any admin privileges and I'm pretty sure that user never was a member of any administrative group.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785200
This is what is happening.
http://support.microsoft.com/kb/907434

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38806475
Users I'm talking about are not members of protected groups, and I'm not sure if I read it right but this article says about the situation where Exchange 5.5 is in use.

It is possible (but I'm not 100% sure) that these users were members of protected groups, if YES, it was long time ago.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38806991
Ideally only few Default users should be members of Protected groups as they have to have some default permissions assigned

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38807664
Even if they were a member of a protected group a long time ago, this would still be an issue as there is an entry written on the account that indicates it is a member which is not removed when you take away the group members.

The change has nothing to do with Exchange 5.5 - it was introduced with Exchange 2003 SP2 plus an update.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38832213
Is there any way to stop it for users who WERE members of the protected groups in the past ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38832278
Shouldnt matter if they arent as of today

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38832305
Yet, send as permission for these users is removed after a short while.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 800 total points
ID: 38832359
Is there some Group part of Protected Group and these users part of that ?

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835419
You need to check if the 'adminCount’  value is still set to 1. If it is, then the permissions will still be removed. You need to change it to 0 to stop that from happening. You can do that through ADUC on the Attributes tab.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38840227
I'm not sure what does it mean, but I checked 10 random, non-admin users, all of them have that value set to 1.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38842697
That means they either were, or are a member of a protected group.
That could be Domain Admins, Administrators, Power users etc. It should be set to "not set".

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38843957
Well, I don't really think that's the case. 100-200 users, including temps being members of admin groups at some point? No. That must be something else.
I created many of these users and I'm ABSOLUTELY sure the were not members of any privileged groups, yet, they have adminCount set to 1.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1200 total points
ID: 38844093
They could have been members of a group that was a member of a protected group.
I have seen all sorts of odd configurations in my time.

The bottom line is that the setting is there, and what is what is causing your problem. It needs to be removed.

This article from fellow Exchange MVP Michael B Smith explains more:
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

Simon.
0
 
LVL 1

Author Closing Comment

by:tp-it-team
ID: 38896358
Excellent work guys, I have it sorted now. Sorry it took so long.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question