Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Issues setting Send-As permissions in Exchange 2013 on particular Distribution group

Posted on 2016-11-09
2
Medium Priority
?
78 Views
Last Modified: 2016-11-09
I had this question after viewing Setting Send As Permissions on a Mail Distribution Group.

I have the same issue as above and I've seen the proposed solution before, but I'm not sure if/how it applies here.  

In my situation, I just migrated from 2007 to 2013.  It appears any groups that have existed prior to being migrated (and upgraded) to 2013 now prevent me from being able to manage send-as rights.  I get the insufficient permissions error as indicated in the link above.

With the EAC I created a brand new DL in the same OU as the groups I cannot manage.  I have zero issues managing this group, including its send-as rights.

The test above would indicate that the Exchange Trusted Subsystem only has issues with the pre-existing DL, but I exported the AD permissions of a pre-existing group with the issue and my new test group.  The permissions are 100% identical.

I don't understand what's going on here.  Further I don't understand the statement that Exchange Trusted Subsystem by default does not have permissions to manage send-as.  This makes no sense to me as why would MS give you ability to manage the groups via EAC/Powershell but not assign the necessary permissions to do so?

At any rate, I'm looking forward to any suggestions as to how to remedy my issue as well as explain why the previous solution was even proposed and why it's necessary (when it seems not to be necessary for newly created groups).
0
Comment
Question by:mcdonamwION
  • 2
2 Comments
 

Accepted Solution

by:
mcdonamwION earned 0 total points
ID: 41881405
After copious amounts of searching I was able to track down this is in fact something that occurs by default (shame MS):  https://support.microsoft.com/en-us/kb/2983209

Further I was able to even find that the reason I am able to set send-as permissions on the new group is because in 2013 when Exchange creates the objects, the owner is set to the account of the actual Exchange server that created it.  This allows that Exchange server to continually modify it as needed.  If I ended up on another Exchange server via EAC, even the new group would throw the error as any other Exchange server would not have the needed permission.  https://blogs.technet.microsoft.com/manjubn/2014/06/04/exchange-2010-manage-send-as-permission-only-works-on-the-mailbox-server-where-public-folder-was-created/

In my case, my pre-existing groups all have Domain Admins set as the owner, as that's how things were done in 2007 (under the context of the user(s) who created the groups), but in 2013 it's instead done under the context of Exchange.

It would be nice if the Exchange setup set the correct permissions to the Exchange Windows Permissions group (for which Exchange Trusted Subsystem resides) as it seems to use this group vs. ETS for setting other necessary AD permissions.  I have provided the 'modify permission' to Exchange Windows Permissions group at the root of the domain and my issue is now resolved.
0
 

Author Closing Comment

by:mcdonamwION
ID: 41881412
I found my own solution.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question