Setting Send As Permissions on a Mail Distribution Group

When running Add-ADPermission "Group Name" -ExtendedRights Send-As -user "domain\username" it continues to fail with this error (running in EMS):

Active Directory operation failed on ert-dc05.domain.COM. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : 415E0D31,Microsoft.Exchange.Management.RecipientTasks.AddADPermission


My account is a member of the domains admin group and organization management in exchange. I can run this same command with no issues when running for "Send As" permissions on a mailbox but now a distribution group. Any suggestions on what may cause this? I can go into ADUC and does this with the GUI but not in shell for some reason.
LVL 16
timgreen7077Exchange EngineerAsked:
Who is Participating?
 
ChrisCommented:
Exchange Trusted Subsystem doesn't have permission to modify the distribution groups, this is by default. You can fix this with the following steps:

Open Active Directory Users and Computers.
Click View, and then click Advanced Features.
Right-click the OU that contains the distribution lists, and then click Properties.
In the Security tab, click Advanced.
In the Permissions tab, click Add.
In the Enter object name to select box, type Exchange trusted subsystem, and then click OK.
In the Object tab, select This object and all descendants objects in the Apply onto list, locate Modify Permissions in the Permissions list, and then set it to Allow.
Click OK.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.