Solved

Issues setting Send-As permissions in Exchange 2013 on particular Distribution group

Posted on 2016-11-09
2
40 Views
Last Modified: 2016-11-09
I had this question after viewing Setting Send As Permissions on a Mail Distribution Group.

I have the same issue as above and I've seen the proposed solution before, but I'm not sure if/how it applies here.  

In my situation, I just migrated from 2007 to 2013.  It appears any groups that have existed prior to being migrated (and upgraded) to 2013 now prevent me from being able to manage send-as rights.  I get the insufficient permissions error as indicated in the link above.

With the EAC I created a brand new DL in the same OU as the groups I cannot manage.  I have zero issues managing this group, including its send-as rights.

The test above would indicate that the Exchange Trusted Subsystem only has issues with the pre-existing DL, but I exported the AD permissions of a pre-existing group with the issue and my new test group.  The permissions are 100% identical.

I don't understand what's going on here.  Further I don't understand the statement that Exchange Trusted Subsystem by default does not have permissions to manage send-as.  This makes no sense to me as why would MS give you ability to manage the groups via EAC/Powershell but not assign the necessary permissions to do so?

At any rate, I'm looking forward to any suggestions as to how to remedy my issue as well as explain why the previous solution was even proposed and why it's necessary (when it seems not to be necessary for newly created groups).
0
Comment
Question by:mcdonamwION
  • 2
2 Comments
 

Accepted Solution

by:
mcdonamwION earned 0 total points
ID: 41881405
After copious amounts of searching I was able to track down this is in fact something that occurs by default (shame MS):  https://support.microsoft.com/en-us/kb/2983209

Further I was able to even find that the reason I am able to set send-as permissions on the new group is because in 2013 when Exchange creates the objects, the owner is set to the account of the actual Exchange server that created it.  This allows that Exchange server to continually modify it as needed.  If I ended up on another Exchange server via EAC, even the new group would throw the error as any other Exchange server would not have the needed permission.  https://blogs.technet.microsoft.com/manjubn/2014/06/04/exchange-2010-manage-send-as-permission-only-works-on-the-mailbox-server-where-public-folder-was-created/

In my case, my pre-existing groups all have Domain Admins set as the owner, as that's how things were done in 2007 (under the context of the user(s) who created the groups), but in 2013 it's instead done under the context of Exchange.

It would be nice if the Exchange setup set the correct permissions to the Exchange Windows Permissions group (for which Exchange Trusted Subsystem resides) as it seems to use this group vs. ETS for setting other necessary AD permissions.  I have provided the 'modify permission' to Exchange Windows Permissions group at the root of the domain and my issue is now resolved.
0
 

Author Closing Comment

by:mcdonamwION
ID: 41881412
I found my own solution.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question