Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 Permission Change Disabled Account

Posted on 2014-07-24
2
Medium Priority
?
75 Views
Last Modified: 2015-02-10
Hello Experts,

I am trying to understanding how enable a permission disabled my account that i used to test the change and the users account i made the same change to.

We recently upgraded to Exchange 2010 from 2003 in Co-Existence and are about 95 complete with the migration. No issues all works fine. Today i got request to grant send as permissions for a user. When i attempted to do this in EMC i received access denied error regarding insufficient rights etc.

I researched the issue and found the links below and issue the commands recommended and made changes to permissions in AD (2008R2 Function level) as recommended bit only to a subset of OU's instead of the entire organization. This evening i get a call from the user because his account was disabled. I re-enabled in AD as well as mine since i did the same to my account to test. Can someone tell me why this happened?

Here are the PS commands i issued

Set-Mailbox user1 -type:shared

Add-ADPermission user1 -User User2 -ExtendedRights "Send As"

Sites I  Referenced

http://serverfault.com/questions/258673/cant-give-send-as-permissions-in-exchange-2010

http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB21225&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

I gave Exchange Servers Full Permission over the sub OU that the user was in and then marked his account to inherent permissions under the Advanced tab so that when i ran the second PS command it would propagate. Still failed but was able to do it from EMC under the Manage Send As Permissions

Help.
0
Comment
Question by:Oscar Reyes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
Joshua Jones earned 2000 total points
ID: 40218999
Hi evengeekier.

From the above described problem, I understand that the users with the correct AD permissions are unable to Send As the migrated mailbox after moving a mailbox.

First you need to verify whether the Send as Permission is still listed in the ADSI Edit or not.

Run the following command in the Exchange Management Shell to verify the Send As Permission:

Get-ADPermission -Identity “Migrated Mailbox’s Alias”

To know more there is link from where you can get the desired solutions:

Title: Manage Send As Permissions for a Mailbox
URL: http://technet.microsoft.com/en-us/library/bb676368.aspx
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40222682
What Exchange SP are you running? Any error in the AD event logs?
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question