troubleshooting Question

problem 4003 (insuff_access_rights) when setting send as permission for a mailbox Exch2013

Avatar of NSI-Tech
NSI-Tech asked on
Powershell* ECPExchange
6 Comments2 Solutions5395 ViewsLast Modified:
Hello

I have an exchange 2013 server where send as permission was working fine in the past.

Since yesterday afternoon it seems the permissions has disappeared for all the users that had the send as permission configured on mailboxes.
The send as permission for distribution groups is working fine.

I am now unable to set the send as permission via ECP on a mailbox as well as using exchange shell:

Powershell gives me the following error:

[PS] C:\Windows\system32>get-user -identity "johan@fischercons.com" | Add-ADPermission -User "johan.fischer@magnabc.co.z
a" -ExtendedRights Send-As
Active Directory operation failed on SRV-MG-AUT-DC02.Magnabc.co.za. This error is not retriable. Additional
information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=SRV-MG-EXH-MB01,RequestId=bcbeb446-fe44-4bc3-aad4-641b8dc219c3,TimeStamp=2017-03
   -15 02:54:11 PM] [FailureCategory=Cmdlet-ADOperationException] 3C1A4496,Microsoft.Exchange.Management.RecipientTas
  ks.AddADPermission
    + PSComputerName        : srv-mg-exh-mb01.magnabc.co.za

ECP give me the following error:

error:
 
Active Directory operation failed on SRV-MG-AUT-DC02.Magnabc.co.za. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0  
 
 I have tried the following setting the Exchange trusted subsystem to allow full and enable inheritable permissions. This made no difference.

https://support.microsoft.com/en-za/help/2983209/access-denied-when-you-try-to-give-user-send-as-or-receive-as-permission-for-a-distribution-group-in-exchange-server-2010-or-exchange-server-2013

I also tried granting the user send as rights by opening the users account in AD security tab and granting the rights there. After a few minutes when I go back the setting has disappeared.

 
I discovered a temporary work around to fix the send as permission problem by granting the user a domain admin.

Can someone please help to find an alternate solution as to me granting the users domain admins to fix this permission problem?

Thank you

Regards
Jan
SOLUTION
Md. Mojahid
Exchange server admin /Wintel Admin

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros