Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2013 - User Mailbox send as permissions disappearing

Posted on 2013-11-25
10
Medium Priority
?
1,705 Views
Last Modified: 2015-11-27
Hi,

I have an Exchange 2013 installation - Version 15.0 ¿(Build 712.24)¿ in a Client's organisation, which was upgraded from 2010 by placing a new Exchange Server and moving the mailboxes. The 2010- Version 14.3 ¿(Build 123.4)¿ - is still active (not got round to taking it out yet as the Client is in a critical phase of project at moment and cannot have possibility of delay/disruption).

We have an ongoing problem that if we add in a send as permission to a mailbox, either from the ECP or via AD advanced permissions, some time later (10mins to 1hr), the permission is gone again.

Any pointers?

Thanks

Nick
0
Comment
Question by:pccorrect
10 Comments
 
LVL 6

Expert Comment

by:Nathan P
ID: 39675489
I'd say you've got a replications issue, where something thinks it's the boss and is re-applying what it believes should be the case.

Try changing which environment you apply the change on?  Eg:  Use the Exch2010 console to apply the change if you've been trying to use the 2013 one.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39677248
Primary reason for the permission being removed is the user is a member of a protected group - Domain Admins, Administrators, Power Users etc. If that is the case then the domain will remove the permission automatically.

If you have accounts with those permissions you should be running a dual account model - where the mail enabled account is a regular account and users have a separate admin level account.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39685374
Thanks LectricX - I'll give that a go now.

Simon - The user is a standard user, and not a member of any protected groups.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39685730
Were they ever a member of a protected group? Even when removing the group permission the tag in the domain can stick.

Look in ADSIEDIT at the user account. See if the ADMINSDHOLDER value is set to 1. If it is, then that is the problem.

Simon.
0
 

Author Comment

by:pccorrect
ID: 39900972
I've requested that this question be deleted for the following reason:

Too Old
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39900973
"Too Old".
You will need to have a better reason for wanting the question closed than that.

Some valid answers have been provided and you have failed to follow up on them.
1
 

Author Comment

by:pccorrect
ID: 39908881
This was an old issue. I asked around and found out that this issue was not resolved and we moved this client to Office365.

What do you want me to do now?
0
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 41324087
You can set permissions permenantly by modifying the security ACL for the AdminDSHolder object in the System container in AD. The changes will replicate to users who are members of protected groups.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question