Solved

Exchange 2013 - User Mailbox send as permissions disappearing

Posted on 2013-11-25
10
1,518 Views
Last Modified: 2015-11-27
Hi,

I have an Exchange 2013 installation - Version 15.0 ¿(Build 712.24)¿ in a Client's organisation, which was upgraded from 2010 by placing a new Exchange Server and moving the mailboxes. The 2010- Version 14.3 ¿(Build 123.4)¿ - is still active (not got round to taking it out yet as the Client is in a critical phase of project at moment and cannot have possibility of delay/disruption).

We have an ongoing problem that if we add in a send as permission to a mailbox, either from the ECP or via AD advanced permissions, some time later (10mins to 1hr), the permission is gone again.

Any pointers?

Thanks

Nick
0
Comment
Question by:pccorrect
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 6

Expert Comment

by:LectricX
ID: 39675489
I'd say you've got a replications issue, where something thinks it's the boss and is re-applying what it believes should be the case.

Try changing which environment you apply the change on?  Eg:  Use the Exch2010 console to apply the change if you've been trying to use the 2013 one.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39677248
Primary reason for the permission being removed is the user is a member of a protected group - Domain Admins, Administrators, Power Users etc. If that is the case then the domain will remove the permission automatically.

If you have accounts with those permissions you should be running a dual account model - where the mail enabled account is a regular account and users have a separate admin level account.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39685374
Thanks LectricX - I'll give that a go now.

Simon - The user is a standard user, and not a member of any protected groups.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685730
Were they ever a member of a protected group? Even when removing the group permission the tag in the domain can stick.

Look in ADSIEDIT at the user account. See if the ADMINSDHOLDER value is set to 1. If it is, then that is the problem.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39900972
I've requested that this question be deleted for the following reason:

Too Old
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39900973
"Too Old".
You will need to have a better reason for wanting the question closed than that.

Some valid answers have been provided and you have failed to follow up on them.
1
 

Author Comment

by:pccorrect
ID: 39908881
This was an old issue. I asked around and found out that this issue was not resolved and we moved this client to Office365.

What do you want me to do now?
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41324087
You can set permissions permenantly by modifying the security ACL for the AdminDSHolder object in the System container in AD. The changes will replicate to users who are members of protected groups.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question