?
Solved

Exchange 2007 Send As doesnt work

Posted on 2013-01-14
23
Medium Priority
?
814 Views
Last Modified: 2013-02-16
Hi

I have a problem with a send as permission in Exchange 2007. It just doesn't work.
So far I tried to do it in 3 ways:

1 and 2
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22575495.html

I did it in AD U&C and when I checked after some time, it just dissipated.

When I tried to run a shell command, I've got:

Add-ADPermission : Extended right "SendAs" was not found. Please make sure you
have typed it correctly.
At line:1 char:17
+ Add-ADPermission <<<<  "yyy" -User "domain\xxx" -Extendedrights SendAs
    + CategoryInfo          : NotSpecified: (0:Int32) [Add-ADPermission], Mana
   gementObjectNotFoundException
    + FullyQualifiedErrorId : 2D7E220F,Microsoft.Exchange.Management.Recipient
   Tasks.AddADPermission

where yyy is the mailbox I want the other user to be able to send-as and domain\xxx is the user who will be sending as.

3 Obviously, first thing I tried before doing 1 and 2 was just right-clicking the mailbox in Exchange Management Console and choosing 'Manage Send As Permission' that didn't work and I'm pretty sure that what I set there will disappear too (I'm not 100% sure so I will monitor it again now).
0
Comment
Question by:tp-it-team
  • 11
  • 6
  • 5
22 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38773875
Add-ADPermission -Identity "Ellen Adams" -User TedBrem -AccessRights extendedright -ExtendedRights "send as"

http://technet.microsoft.com/en-us/library/bb124403(v=EXCHG.80).aspx

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38773892
Is there any specific time I should wait for it to start working ?
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38773921
Thanks! It worked.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 1

Author Comment

by:tp-it-team
ID: 38774015
OK, I just double checked and it worked for one user and didn't for other.
Users are in the same department, their accounts should have exactly the same permissions. Any idea ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38774196
Ideally it could be cache issue or replication delay as this is a AD attribute so might have to wait sometimes .... can you ensure that once you run the command Exchange shows SendAS ?

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38774276
Where exactly ?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38782750
If the permission is being removed, then you are probably trying to add the permission to a member or previous member of a protected group. This includes Domain Admins. That behaviour is by design. Exchange will remove permissions granted to protected group members.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38783026
That's interesting, I'm trying to set it up for the user without any admin privileges and I'm pretty sure that user never was a member of any administrative group.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38785200
This is what is happening.
http://support.microsoft.com/kb/907434

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38806475
Users I'm talking about are not members of protected groups, and I'm not sure if I read it right but this article says about the situation where Exchange 5.5 is in use.

It is possible (but I'm not 100% sure) that these users were members of protected groups, if YES, it was long time ago.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38806991
Ideally only few Default users should be members of Protected groups as they have to have some default permissions assigned

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38807664
Even if they were a member of a protected group a long time ago, this would still be an issue as there is an entry written on the account that indicates it is a member which is not removed when you take away the group members.

The change has nothing to do with Exchange 5.5 - it was introduced with Exchange 2003 SP2 plus an update.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38832213
Is there any way to stop it for users who WERE members of the protected groups in the past ?
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38832278
Shouldnt matter if they arent as of today

- Rancy
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38832305
Yet, send as permission for these users is removed after a short while.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 800 total points
ID: 38832359
Is there some Group part of Protected Group and these users part of that ?

- Rancy
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835419
You need to check if the 'adminCount’  value is still set to 1. If it is, then the permissions will still be removed. You need to change it to 0 to stop that from happening. You can do that through ADUC on the Attributes tab.

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38840227
I'm not sure what does it mean, but I checked 10 random, non-admin users, all of them have that value set to 1.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38842697
That means they either were, or are a member of a protected group.
That could be Domain Admins, Administrators, Power users etc. It should be set to "not set".

Simon.
0
 
LVL 1

Author Comment

by:tp-it-team
ID: 38843957
Well, I don't really think that's the case. 100-200 users, including temps being members of admin groups at some point? No. That must be something else.
I created many of these users and I'm ABSOLUTELY sure the were not members of any privileged groups, yet, they have adminCount set to 1.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1200 total points
ID: 38844093
They could have been members of a group that was a member of a protected group.
I have seen all sorts of odd configurations in my time.

The bottom line is that the setting is there, and what is what is causing your problem. It needs to be removed.

This article from fellow Exchange MVP Michael B Smith explains more:
http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

Simon.
0
 
LVL 1

Author Closing Comment

by:tp-it-team
ID: 38896358
Excellent work guys, I have it sorted now. Sorry it took so long.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question