NSI-Tech

problem 4003 (insuff_access_rights) when setting send as permission for a mailbox Exch2013

Hello

I have an Exchange 2013 server where send as permission was working fine in the past.

Since yesterday afternoon it seems the permissions have disappeared for all the users that had the send as permission configured on mailboxes.
The send as permission for distribution groups is working fine.

I am now unable to set the send as permission via ECP on a mailbox as well as using Exchange shell:

Powershell gives me the following error:

[PS] C:\Windows\system32>get-user -identity "johan@fischercons.com" | Add-ADPermission -User "johan.fischer@magnabc.co.za" -ExtendedRights Send-As
Active Directory operation failed on SRV-MG-AUT-DC02.Magnabc.co.za. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
    + FullyQualifiedErrorId : [Server=SRV-MG-EXH-MB01,RequestId=bcbeb446-fe44-4bc3-aad4-641b8dc219c3,TimeStamp=2017-03-15 02:54:11 PM] [FailureCategory=Cmdlet-ADOperationException] 3C1A4496,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    + PSComputerName        : srv-mg-exh-mb01.magnabc.co.za

ECP gives me the following error:

error:

Active Directory operation failed on SRV-MG-AUT-DC02.Magnabc.co.za. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

I have tried the following: setting the Exchange Trusted Subsystem to allow full and enable inheritable permissions. This made no difference.

https://support.microsoft.com/en-za/help/2983209/access-denied-when-you-try-to-give-user-send-as-or-receive-as-permission-for-a-distribution-group-in-exchange-server-2010-or-exchange-server-2013

I also tried granting the user send as rights by opening the user's account in AD security tab and granting the rights there. After a few minutes when I go back the setting has disappeared.

I discovered a temporary workaround to fix the send as permission problem by granting the user domain admin.

Can someone please help to find an alternative solution to me granting the users domain admin to fix this permission problem?

Thank you

Regards
Jan

SOLUTION
Md. Mojahid

Tom Cieslik

Also you can check Mailbox Features on some problematic user and make sure Default Sharing Policy and Default Role Assignment Policy is selected.
Go to permissions / user roles and check if Default Role Assignment Policy is configured and appropriate fields are selected.
Go to Organization / Sharing and make sure Default Sharing Policy exists and is selected.

This is based on Exchange 2013 because I don't have Exchange 2016 but I think that setup should be similar.
NSI-Tech

ASKER

Hi Tom

Thanks, I have checked those settings.
I have checked and enabled the following: Organization / Sharing and make sure Default Sharing Policy exists and is selected.
NSI-Tech

ASKER

Mojahid

The 2 users that have a problem currently have inheritance disabled. It is Server 2012 so there is no tick box. Only disable or enable inheritance.

Should I enable inheritance? Will it not cause problems? These accounts belong to my directors.
Please see the attached warning.

Regards
Jan
enable-inheritance.png
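
A read-only check for the state described in the posts above (inheritance disabled on the affected accounts, and a Send-As grant that disappears a few minutes after it is set), as an added example that is not part of the original thread. The mailbox addresses are placeholders, and reporting `adminCount` is an assumption about what is worth inspecting, not something the thread confirms.

```powershell
# Added diagnostic sketch, not from the thread. Run in the Exchange Management
# Shell on a machine that also has the ActiveDirectory module (RSAT).
# It only reads directory data; it changes no permissions.
Import-Module ActiveDirectory

# Placeholder identities: replace with the mailboxes that lost Send-As.
$mailboxes = @('director1@example.com', 'director2@example.com')

$report = foreach ($id in $mailboxes) {
    $mbx  = Get-Mailbox -Identity $id
    $user = Get-ADUser -Identity $mbx.DistinguishedName `
                       -Properties adminCount, nTSecurityDescriptor

    # Allow ACEs granting the Send-As extended right on the user object
    # (both inherited and explicit entries are returned).
    $sendAs = Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like 'Send-As') -and (-not $_.Deny) }

    [pscustomobject]@{
        Mailbox             = $mbx.PrimarySmtpAddress
        # True means the ACL is protected, i.e. inheritance is disabled.
        InheritanceDisabled = $user.nTSecurityDescriptor.AreAccessRulesProtected
        # Assumption: shown only so accounts flagged as protected stand out.
        AdminCount          = $user.adminCount
        SendAsTrustees      = ($sendAs | ForEach-Object { $_.User.ToString() }) -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap
```

Running it once right after a grant and again later shows whether the Send-As entry is still on the object, and whether the accounts that lose it are the ones with inheritance disabled.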
ASKER CERTIFIED SOLUTION
Tom Cieslik

Tom Cieslik

Best solution provided. No more other questions from author