Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Issues setting Send-As permissions in Exchange 2013 on particular Distribution group

Posted on 2016-11-09
2
Medium Priority
?
73 Views
Last Modified: 2016-11-09
I had this question after viewing Setting Send As Permissions on a Mail Distribution Group.

I have the same issue as above and I've seen the proposed solution before, but I'm not sure if/how it applies here.  

In my situation, I just migrated from 2007 to 2013.  It appears any groups that have existed prior to being migrated (and upgraded) to 2013 now prevent me from being able to manage send-as rights.  I get the insufficient permissions error as indicated in the link above.

With the EAC I created a brand new DL in the same OU as the groups I cannot manage.  I have zero issues managing this group, including its send-as rights.

The test above would indicate that the Exchange Trusted Subsystem only has issues with the pre-existing DL, but I exported the AD permissions of a pre-existing group with the issue and my new test group.  The permissions are 100% identical.

I don't understand what's going on here.  Further I don't understand the statement that Exchange Trusted Subsystem by default does not have permissions to manage send-as.  This makes no sense to me as why would MS give you ability to manage the groups via EAC/Powershell but not assign the necessary permissions to do so?

At any rate, I'm looking forward to any suggestions as to how to remedy my issue as well as explain why the previous solution was even proposed and why it's necessary (when it seems not to be necessary for newly created groups).
0
Comment
Question by:mcdonamwION
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
mcdonamwION earned 0 total points
ID: 41881405
After copious amounts of searching I was able to track down this is in fact something that occurs by default (shame MS):  https://support.microsoft.com/en-us/kb/2983209

Further I was able to even find that the reason I am able to set send-as permissions on the new group is because in 2013 when Exchange creates the objects, the owner is set to the account of the actual Exchange server that created it.  This allows that Exchange server to continually modify it as needed.  If I ended up on another Exchange server via EAC, even the new group would throw the error as any other Exchange server would not have the needed permission.  https://blogs.technet.microsoft.com/manjubn/2014/06/04/exchange-2010-manage-send-as-permission-only-works-on-the-mailbox-server-where-public-folder-was-created/

In my case, my pre-existing groups all have Domain Admins set as the owner, as that's how things were done in 2007 (under the context of the user(s) who created the groups), but in 2013 it's instead done under the context of Exchange.

It would be nice if the Exchange setup set the correct permissions to the Exchange Windows Permissions group (for which Exchange Trusted Subsystem resides) as it seems to use this group vs. ETS for setting other necessary AD permissions.  I have provided the 'modify permission' to Exchange Windows Permissions group at the root of the domain and my issue is now resolved.
0
 

Author Closing Comment

by:mcdonamwION
ID: 41881412
I found my own solution.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question