Julie

Accepted Domains

Hi, I wonder if someone can give us some guidance.  I hope this makes sense.

In exchange 2010 console, under organization configuration > hub transport > accepted domains, we have : - authoritative (default true) - authoritative (default false) is our AD domain and we have no issue with this. is a new accepted domain which has an MX record pointing to our external exchange  IP.

In order to send and receive emails from, we did the following :

created a new AD OU New Division in
created a new mailbox with the SMTP address of

In exchange console, under organization configuration > hub transport > e-mail address policies, we have :

New Policy - priority 1(applied) – for recipient container Division
Default Policy - priority Lowest (applied)

We can successfully send and receive emails from/to and they appear to come from  Great.  

We now need to be able to send and receive emails for, and have granted full access rights and send as permission to

Unfortunately, every time we attempt to send an email in Outlook 2010 using in the From field, we get :

"You can't send a message on behalf of this user unless you have permission to do so …."

Interestingly, if we change the primary SMTP address on to, we can send as with  

Have we missed a step, or is this simply not possible using a primary SMTP address from the accepted domain?

Best regards

Miguel Angel Perez Muñoz

Could you try opening the testuser mailbox from the currentuser account and sending this way?

It needs to be set as authoritative so that you can send and receive as that domain.
Once you have done that, you can have multiple email domains, and any mailbox given rights can send as that account.

Julie

Hi Miguel

Yes, in currentuser's Outlook, we've added testuser mailbox, and is available from the list when we click "From" in the email form.  When we Send, we get an undeliverable failure containing the error above.

Julie

Hi irweazelwallis, all entries under accepted domains in Exchange are authoritative.

I have tested this exact scenario in my lab and can "send as" without any issues. I have Authoritative Accepted Domains for and User1 for had absolutely no issues sending AS

The Send As permission is an Active Directory specific permission, so make sure that your AD replication is working properly. Also, have you tried to use Online Mode for Outlook to see if you still get the same issue? Or also re-creating the profile.

What you are seeing is either a caching or replication issue.

Julie

Hi Will

All our clients run Outlook in cached mode.  We took this setting off for this particular user and tried to send as again.  Instead of an undeliverable failure message, we get a pop-up message instead.

We tried the same through OWA, just in case this is what you meant by Online Mode, with the same result.

Just to be clear, has only been added to exchange and the external domain's DNS settings, it is not an active directory domain.

I'd assume AD is replicating OK as we haven't encountered any other issues.  These amendments were performed some 48 hours ago, so hopefully any "propagation/replication" process would have completed?

Do let me know if I've misunderstood anything.

So using Outlook in Online mode determines it is not a caching issue.

Have you checked your AD replication/health? Use the below commands.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v

Also, if you open ADUC find the account where you have send as permissions set and do the following
- open the properties for this account
- click on the security tab
- click advanced security button
- check to make sure that your account has Send As permissions

Also, have the Exchange services been restarted or has the Exchange server been rebooted?

I would start by also re-starting the Exchange Information Store Service.

Julie

The Exchange services have not been restarted, and the server has not been rebooted.  We have security updates to apply at the weekend, so we can perform those steps then.

Regarding the Send As permissions in ADUC, we can indeed see the permission added in the security settings.  

In respect of the replication commands, these have been performed on both DC's and although we don't fully understand the output, the only error that we can see is similar to the following :

            Replicating Directory Changes In Filtered Set

We'll attempt the Send As again on Monday to see if the Exchange restart is the cure all.

Best regards

Julie

The email setup is as we want it, the right people can "Send As" and we've added another Accepted Domain without problem.

Thanks to everyone who contributed.

Julie

The solution was to ensure both the original account and the "Send As" account are in the same Active Directory OU, and, in addition, we removed the condition on the E-mail Address policy since only those users we've explicitly granted permission to would access the desired account.

Comments were extremely useful, particularly regarding troubleshooting replication, but they didn't resolve the issue in this case.
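
The items checked by hand in this thread (accepted domains, e-mail address policy scope, the OU of each mailbox, and the Send As and Full Access grants) can be read in one pass from the Exchange Management Shell. This is an added example, not part of the original thread or any poster's own commands; `testuser` and `currentuser` are the placeholder names used above, and the script only reads configuration.

```powershell
# Added example: read-only checks, run in the Exchange Management Shell (Exchange 2010).
# 'testuser' and 'currentuser' are the placeholder names used earlier in this thread.
$target   = 'testuser'      # mailbox whose address goes in the From field
$delegate = 'currentuser'   # account that should be able to send as $target

# 1. Accepted domains: type (Authoritative or relay) and which one is the default
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType, Default -AutoSize

# 2. E-mail address policies: priority, container scope and any recipient filter
Get-EmailAddressPolicy |
    Format-List Name, Priority, RecipientContainer, RecipientFilter, EnabledPrimarySMTPAddressTemplate

# 3. Both mailboxes: primary SMTP address, OU, and whether a policy stamps addresses
foreach ($id in $target, $delegate) {
    Get-Mailbox -Identity $id |
        Format-List Name, PrimarySmtpAddress, OrganizationalUnit, EmailAddressPolicyEnabled
}

# 4. Send As is an AD extended right on the target object; Full Access is a mailbox right.
#    -User matches direct entries only, so a grant made through a group will not show here.
$dn      = (Get-Mailbox -Identity $target).DistinguishedName
$sendAs  = @(Get-ADPermission -Identity $dn -User $delegate |
             Where-Object { $_.ExtendedRights -like 'Send-As' })
$fullAcc = @(Get-MailboxPermission -Identity $target -User $delegate |
             Where-Object { $_.AccessRights -like '*FullAccess*' })

# A Deny entry overrides an Allow, so report the two separately
New-Object PSObject -Property @{
    Target          = $target
    Delegate        = $delegate
    SendAsAllow     = [bool]($sendAs  | Where-Object { -not $_.Deny })
    SendAsDeny      = [bool]($sendAs  | Where-Object { $_.Deny })
    FullAccessAllow = [bool]($fullAcc | Where-Object { -not $_.Deny })
    FullAccessDeny  = [bool]($fullAcc | Where-Object { $_.Deny })
} | Format-List Target, Delegate, SendAsAllow, SendAsDeny, FullAccessAllow, FullAccessDeny
```

Comparing the `OrganizationalUnit` values from step 3 with the `RecipientContainer` in step 2 shows whether the two accounts fall under the same policy scope, which is the condition the accepted fix changed.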