• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1804
  • Last Modified:

Exchange 2013 - User Mailbox send as permissions disappearing

Hi,

I have an Exchange 2013 installation - Version 15.0 ¿(Build 712.24)¿ in a Client's organisation, which was upgraded from 2010 by placing a new Exchange Server and moving the mailboxes. The 2010- Version 14.3 ¿(Build 123.4)¿ - is still active (not got round to taking it out yet as the Client is in a critical phase of project at moment and cannot have possibility of delay/disruption).

We have an ongoing problem that if we add in a send as permission to a mailbox, either from the ECP or via AD advanced permissions, some time later (10mins to 1hr), the permission is gone again.

Any pointers?

Thanks

Nick
0
pccorrect
Asked:
pccorrect
1 Solution
 
Nathan PSystems ArchitectCommented:
I'd say you've got a replications issue, where something thinks it's the boss and is re-applying what it believes should be the case.

Try changing which environment you apply the change on?  Eg:  Use the Exch2010 console to apply the change if you've been trying to use the 2013 one.
0
 
Simon Butler (Sembee)ConsultantCommented:
Primary reason for the permission being removed is the user is a member of a protected group - Domain Admins, Administrators, Power Users etc. If that is the case then the domain will remove the permission automatically.

If you have accounts with those permissions you should be running a dual account model - where the mail enabled account is a regular account and users have a separate admin level account.

Simon.
0
 
pccorrectAuthor Commented:
Thanks LectricX - I'll give that a go now.

Simon - The user is a standard user, and not a member of any protected groups.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Simon Butler (Sembee)ConsultantCommented:
Were they ever a member of a protected group? Even when removing the group permission the tag in the domain can stick.

Look in ADSIEDIT at the user account. See if the ADMINSDHOLDER value is set to 1. If it is, then that is the problem.

Simon.
0
 
pccorrectAuthor Commented:
I've requested that this question be deleted for the following reason:

Too Old
0
 
Simon Butler (Sembee)ConsultantCommented:
"Too Old".
You will need to have a better reason for wanting the question closed than that.

Some valid answers have been provided and you have failed to follow up on them.
1
 
pccorrectAuthor Commented:
This was an old issue. I asked around and found out that this issue was not resolved and we moved this client to Office365.

What do you want me to do now?
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
You can set permissions permenantly by modifying the security ACL for the AdminDSHolder object in the System container in AD. The changes will replicate to users who are members of protected groups.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now