Send as permissions Exchange 2007

Hi Everyone,

We have "USER A" who needs "send as" rights to "USER B" mailbox. In exchange 2007 management console, I right click on "USER B" account and clicked on Manage Send As Permission and added "USER A" to it.

Next day "USER A" couldn't send emails and when I checked Manage Send As Permission in Exchange Management Console, the name wasn't there.

I also set it from Active Directory and still same issue. Username gets removed after some period of time.

Does anyone know why this is happening?

Thanks
LVL 1
skyjumperdudeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KwoofCommented:
Sometimes this is easier set up in the users outlook to configure delegates properly
0
Mohammed TahirMicrosoft Exchange and O365 AdministratorCommented:
Use powershell command to grant Send As permission.

For example if you want to grant user abc the Send-As permission for the xyz Mailbox you can use the following command line:

Get-user -identity “xyz@yourdomain.com” | Add-ADPermission -User “abc@yourdomain.com” -ExtendedRights Send-As

Refer:
http://www.msexchangeblog.nl/2010/10/22/exchange-full-access-and-send-as-mailbox-permissions-with-powershell/


Tahir
0
Simon Butler (Sembee)ConsultantCommented:
Is the user who got the permission a domain admin or other power user? If so then Exchange will remove those permissions. It will also remove the permission if the user WAS a domain admin or other power user type.

Simon.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

skyjumperdudeAuthor Commented:
Hi Kwoof,

I can only delegate permissions on Calendar, Tasks, Inbox Contacts Notes, Journals.

Is there another area I can do this from? Can you please provide more detail on this?
0
skyjumperdudeAuthor Commented:
Hi Md_tahir21,

I ran the command and after a few hours the permissions were removed again.
0
skyjumperdudeAuthor Commented:
Hi  Sembee2,

No the user isn't part of any domain admins or power users group.
0
Simon Butler (Sembee)ConsultantCommented:
The behaviour you are seeing is exactly what happens when they are or were members of an admin group. The full list is this:

Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers


Look at the account in adsiedit - check if the account has admincount set to 1. If so, then they either are, or were a member of one of the above groups.

Simon.
0
skyjumperdudeAuthor Commented:
Hi Sembee2

You are right the admincount is set to 1. Should I change it to 0?
0
Simon Butler (Sembee)ConsultantCommented:
As long as they aren't a member of the groups I have listed, clear the entry - so open it in ADSIEDIT and choose clear so that it is <not set>.
Then wait for the domain to replicate the changes and confirm the value has gone (30 minutes should be enough in most domains).
If so, apply the permission again.

Simon.
0
skyjumperdudeAuthor Commented:
The value is back. May be the user is part of the local groups that you listed on her computer. Is there an easy way for this?
0
Simon Butler (Sembee)ConsultantCommented:
Local groups on the computer wouldn't cause it.
You can be a local admin and it doesn't affect the domain.

You need to check the groups the user is a member of, see if they are a member of a group which is a member of a group with permissions they shouldn't have.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
skyjumperdudeAuthor Commented:
You were right. "Domain users" and "users" groups were members of Printer operators. I removed domain users and left users group there. I will keep an eye on it now.

Should I also remove users from printer operators?
0
Simon Butler (Sembee)ConsultantCommented:
Is there any reason for them to be in that group? I cannot think of any reason why they should, so remove it. You will need to wait for it to be replicated before trying to set the permissions again.

Simon.
0
skyjumperdudeAuthor Commented:
Everything has been working so far. Thank you so much Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.