hiding from Gal stops send on behalf

Status
Not open for further replies.
S

stoon41

Created a resource type of mailbox in exchange 2003.  This is used by a variey of users as an additional mailbox in their mail outlook profile.
Gave users full access to the mailbox as well as send on behalf permisisons.
Users tested the functionality by adding the resource mailbox in the from field.  Everything worked fine.
Next wanted to hide the resource mailbox from the GAL.
Applied this change and users now get the error message that they do not have permisison to send to the recipient.
The can add the resource mailbox as a seperate profile and do not see the error message.

Why would this stop working.  Does outlook have to query the GAL to see permisisons for the recipient and sender?
ps...we do not have mail restrictions on mail enabled users, only on certain mail groups
 
A

AndyD_ [MVP]

By design:
http://technet.microsoft.com/en-us/library/aa998291.aspx

"Also, before you perform this procedure, be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address lists. When sending a message, Exchange requires that an e-mail address is resolved in the From field. In the case where a message is sent on behalf of a mailbox that is hidden from address lists, the SMTP address is interpreted as an address that is not from your organization (known as a foreign address) and is rejected"

( Note this applies to Exch 2003 as well)
 
K

Karl Mitschke

Andy;

Do you know if the LegacyExchangeDN would work on the From: line?

Seems like I used to do this in Exchange 5.5

Karl
 
A

AndyD_ [MVP]

Hi Karl,
From my testing, as long as the entry can be resolved to something in the auto-complate nickname cache, then it still works even if its hidden.
( So LEDN does work in this case).
Of course for those users who do not have it cached, it fails.
 
K

Karl Mitschke

Andy;

I just created a new user, with a new mailbox, gave myself send as permissions, and hid it from the GAL.

I can send using the LEDN, and it was not in my auto-complete cache

Karl
 
A

AndyD_ [MVP]

Interesting. Maybe I need to update my testing for Exchange 2007! :p

The tough part of that of course is for the average user, its a bit of a pain and they need to know or guess at the LEDN.
 
K

Karl Mitschke



Well, the administrator could give them the LEDN :)

Can you test this on 2003?

Like I say, it worked on 5.5 - and 5.0 (i'm fairly sure)

Karl

 
A

AndyD_ [MVP]

I dont have any 2003 left, I was just remembering from the past so it may be murky.
And of course, you can also create an Outlook profile for a hidden user with the LEDN as well.

 
E

Elvis Wei



Hi Karl,

 

As the article provided by Andy explained, if the object is invisible, its smtp address is treated as "external" by the store since it cannot resolve it against an object in the AD. 

 

You have find the workaround, use LegacyExchangeDN is a good idea for such situation. Thank you for your sharing! :)

 

Regards,

 

Elvis

 
Status
Not open for further replies.
Top