Solved

Exchange 2007 Send As doesn't work

Posted on 2013-01-14
Last Modified: 2013-02-16
Hi

I have a problem with a send as permission in Exchange 2007. It just doesn't work.
So far I tried to do it in 3 ways:

1 and 2
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22575495.html

I did it in AD U&C and when I checked after some time, it just dissipated.

When I tried to run a shell command, I've got:

Add-ADPermission : Extended right "SendAs" was not found. Please make sure you
have typed it correctly.
At line:1 char:17
+ Add-ADPermission <<<<  "yyy" -User "domain\xxx" -Extendedrights SendAs
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-ADPermission], Mana
   gementObjectNotFoundException
    + FullyQualifiedErrorId : 2D7E220F,Microsoft.Exchange.Management.Recipient
   Tasks.AddADPermission

where yyy is the mailbox I want the other user to be able to send-as and domain\xxx is the user who will be sending as.

3 Obviously, the first thing I tried before doing 1 and 2 was just right-clicking the mailbox in Exchange Management Console and choosing 'Manage Send As Permission'. That didn't work, and I'm pretty sure that what I set there will disappear too (I'm not 100% sure so I will monitor it again now).
0
Comment
Question by:tp-it-team
23 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38773875
Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"

http://technet.microsoft.com/en-us/library/bb124403(v=EXCHG.80).aspx

- Rancy
0
 

Author Comment

by:tp-it-team
ID: 38773892
Is there any specific time I should wait for it to start working ?
0
 

Author Comment

by:tp-it-team
ID: 38773921
Thanks! It worked.
0
 

Author Comment

by:tp-it-team
ID: 38774015
OK, I just double checked and it worked for one user and didn't for other.
Users are in the same department, their accounts should have exactly the same permissions. Any idea ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38774196
Ideally it could be a cache issue or replication delay, as this is an AD attribute, so you might have to wait sometimes... Can you ensure that once you run the command Exchange shows SendAs?

- Rancy
0
 

Author Comment

by:tp-it-team
ID: 38774276
Where exactly ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38782750
If the permission is being removed, then you are probably trying to add the permission to a member or previous member of a protected group. This includes Domain Admins. That behaviour is by design. Exchange will remove permissions granted to protected group members.

Simon.
0
 

Author Comment

by:tp-it-team
ID: 38783026
That's interesting, I'm trying to set it up for the user without any admin privileges and I'm pretty sure that user never was a member of any administrative group.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785200
This is what is happening.
http://support.microsoft.com/kb/907434

Simon.
0
 

Author Comment

by:tp-it-team
ID: 38806475
The users I'm talking about are not members of protected groups, and I'm not sure if I read it right, but this article talks about the situation where Exchange 5.5 is in use.

It is possible (but I'm not 100% sure) that these users were members of protected groups; if YES, it was a long time ago.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38806991
Ideally only a few default users should be members of protected groups, as they have to have some default permissions assigned

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38807664
Even if they were a member of a protected group a long time ago, this would still be an issue as there is an entry written on the account that indicates it is a member which is not removed when you take away the group members.

The change has nothing to do with Exchange 5.5 - it was introduced with Exchange 2003 SP2 plus an update.

Simon.
0
 

Author Comment

by:tp-it-team
ID: 38832213
Is there any way to stop it for users who WERE members of the protected groups in the past ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38832278
Shouldn't matter if they aren't as of today

- Rancy
0
 

Author Comment

by:tp-it-team
ID: 38832305
Yet, send as permission for these users is removed after a short while.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 200 total points
ID: 38832359
Is there some Group part of Protected Group and these users part of that ?

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835419
You need to check if the 'adminCount' value is still set to 1. If it is, then the permissions will still be removed. You need to change it to 0 to stop that from happening. You can do that through ADUC on the Attributes tab.

Simon.
0
 

Author Comment

by:tp-it-team
ID: 38840227
I'm not sure what it means, but I checked 10 random, non-admin users, and all of them have that value set to 1.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38842697
That means they either were, or are a member of a protected group.
That could be Domain Admins, Administrators, Power users etc. It should be set to "not set".

Simon.
0
 

Author Comment

by:tp-it-team
ID: 38843957
Well, I don't really think that's the case. 100-200 users, including temps being members of admin groups at some point? No. That must be something else.
I created many of these users and I'm ABSOLUTELY sure they were not members of any privileged groups, yet they have adminCount set to 1.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 300 total points
ID: 38844093
They could have been members of a group that was a member of a protected group.
I have seen all sorts of odd configurations in my time.

The bottom line is that the setting is there, and that is what is causing your problem. It needs to be removed.

This article from fellow Exchange MVP Michael B Smith explains more:
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

Simon.
0
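Added example, not part of the original thread and not code from any of the posters: one way to audit the adminCount situation described in the answers above, listing users that still carry adminCount=1 although they are no longer in a protected group, directly or through nesting. It assumes a management station with the ActiveDirectory PowerShell module (not the Exchange 2007 shell itself); the protected-group list is an assumed default set to adjust for your domain.

```powershell
# Added example, not from the thread. Read-only apart from the -WhatIf loop at the end.
Import-Module ActiveDirectory

# Assumed default protected groups; adjust for your domain (for example,
# 'Enterprise Admins' and 'Schema Admins' exist only in the forest root domain).
$protectedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
                   'Account Operators', 'Backup Operators', 'Print Operators', 'Server Operators'

# DNs of every account that is protected right now, including members reached
# through nested groups (-Recursive), the case raised in the accepted answer.
$stillProtected = @{}
foreach ($name in $protectedGroups) {
    try {
        Get-ADGroupMember -Identity $name -Recursive |
            ForEach-Object { $stillProtected[$_.DistinguishedName] = $name }
    } catch {
        Write-Warning "Could not read group '$name': $_"
    }
}

# Users flagged adminCount=1 that are not in any protected group today.
# krbtgt is protected by itself, not through group membership, so skip it.
$stale = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor |
    Where-Object {
        $_.SamAccountName -ne 'krbtgt' -and
        -not $stillProtected.ContainsKey($_.DistinguishedName)
    } |
    Select-Object SamAccountName, DistinguishedName,
        @{ Name = 'InheritanceBlocked'
           Expression = { $_.nTSecurityDescriptor.AreAccessRulesProtected } }

$stale | Format-Table -AutoSize

# Preview of the fix: return adminCount to "not set" on the stale accounts.
# Remove -WhatIf only after reviewing the list above.
foreach ($u in $stale) {
    Set-ADUser -Identity $u.DistinguishedName -Clear adminCount -WhatIf
}
```

Accounts reported with InheritanceBlocked = True also have ACL inheritance switched off by the same protection process, so a Send As grant that relies on inherited permissions will not reach them until inheritance is re-enabled on the object.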
 

Author Closing Comment

by:tp-it-team
ID: 38896358
Excellent work guys, I have it sorted now. Sorry it took so long.
0
