Solved

Exchange 2013 - User Mailbox send as permissions disappearing

Posted on 2013-11-25
10
1,433 Views
Last Modified: 2015-11-27
Hi,

I have an Exchange 2013 installation - Version 15.0 ¿(Build 712.24)¿ in a Client's organisation, which was upgraded from 2010 by placing a new Exchange Server and moving the mailboxes. The 2010- Version 14.3 ¿(Build 123.4)¿ - is still active (not got round to taking it out yet as the Client is in a critical phase of project at moment and cannot have possibility of delay/disruption).

We have an ongoing problem that if we add in a send as permission to a mailbox, either from the ECP or via AD advanced permissions, some time later (10mins to 1hr), the permission is gone again.

Any pointers?

Thanks

Nick
0
Comment
Question by:pccorrect
10 Comments
 
LVL 6

Expert Comment

by:LectricX
ID: 39675489
I'd say you've got a replications issue, where something thinks it's the boss and is re-applying what it believes should be the case.

Try changing which environment you apply the change on?  Eg:  Use the Exch2010 console to apply the change if you've been trying to use the 2013 one.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39677248
Primary reason for the permission being removed is the user is a member of a protected group - Domain Admins, Administrators, Power Users etc. If that is the case then the domain will remove the permission automatically.

If you have accounts with those permissions you should be running a dual account model - where the mail enabled account is a regular account and users have a separate admin level account.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39685374
Thanks LectricX - I'll give that a go now.

Simon - The user is a standard user, and not a member of any protected groups.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685730
Were they ever a member of a protected group? Even when removing the group permission the tag in the domain can stick.

Look in ADSIEDIT at the user account. See if the ADMINSDHOLDER value is set to 1. If it is, then that is the problem.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39900972
I've requested that this question be deleted for the following reason:

Too Old
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39900973
"Too Old".
You will need to have a better reason for wanting the question closed than that.

Some valid answers have been provided and you have failed to follow up on them.
1
 

Author Comment

by:pccorrect
ID: 39908881
This was an old issue. I asked around and found out that this issue was not resolved and we moved this client to Office365.

What do you want me to do now?
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41324087
You can set permissions permenantly by modifying the security ACL for the AdminDSHolder object in the System container in AD. The changes will replicate to users who are members of protected groups.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
how to add IIS SMTP to handle application/Scanner relays into office 365.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question