Don't have right permissions to assign "send as" rights in Exchange 2010 SP1

Status
Not open for further replies.
Q

QuintenS

I am trying to set up a new account to be used with Blackberry Enterprise Server. As part of that process, they have you make a new Exchange/AD account, and enable it to send mail on behalf of users. From my understanding of the command syntax, I am attempting to set the permission at the highest OU level that contains users who will be using a Blackberry, and then allowing the permission to inherit down.

I'm running into a stumbling block there. I try running the command in the Exchange Management Console, but I get a permission error:

Add- ADPermission - InheritedObjectType User - InheritanceType Descendents - ExtendedRights Send- As - User " BESAccountName" - Identity " OU=_Domain_Users,DC=our_company,DC=local"

Active Directory operation failed on domain_controller.our_company.local. This error is not retriable. Additional information: Access is de nied. Active directory response: 00000005: SecErr: DSID- 031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 + CategoryInfo : WriteError: (0:Int32) [ Add-ADPermission ] , ADOperationException + FullyQualifiedErrorId : 5F954904,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

From reading the Microsoft documentation: (http://technet.microsoft.com/en-us/library/dd638186.aspx) it looks like I need to be a member of the Organization Management group. I was already a member of Domain Admins, which was a member of this group. But I added myself directly to the group, logged out, and logged back in to try again. No luck.

What am I missing here? I have to admit I'm not an expert in the Exchange permissions model--trying to read an overview left me with lots of questions.

Can anyone tell me, step by step, what I can do to ensure that I have the appropriate permissions to set the Send-As attribute? I'm hoping it's something basic. If there are any questions I can answer about our setup, I'm happy to answer them as well. This is a new Exchange 2010 setup that we had a consultant help us install. We just last month upgraded to SP1, Rollup1.

Thanks!
 
J

Jonas Andersson [MCITP]

Hi

I suppose you have a service account to do the work for BES here

get-mailboxdatabase | add-adpermission -user bes-service-account -extendedrights Receive-As

Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog
 
Q

QuintenS

Yes, it's a service account. Unfortunately running the command you gave didn't change anything on the side of being able to add the Send As permission.
 
D

dikkehaaj

Check on both user accounts (active directory users & computers) if inherite permissions is enabled, if not enable it.

If that doesn't work fire up ADSIEDIT.MSC and give userA send as permissions on userB.
 
Q

QuintenS

I did more research, and I think that you are right that inherited permissions is improperly set on some of the mail accounts. I'm trying to do this for my whole domain though, so I'm hoping there's a work around, or a quick way to set that inherited permissions properly on all of the mail-enabled user accounts.

Unfortunately I cannot use ADSIEDIT to modify the SEND AS permission in Exchange 2010. Those permissions can now only be modified in Exchange Management Console, which only allows you act on one mailbox at a time--not an LDAP object like " _Domain users" is.
 
J

John Grenfell

Hi,

Can you do something like this to allow USER2 to send as for all your mail boxes?

Get-Mailbox | Add-ADPermission -ExtendedRights Send-As -user USER2

J
 
Q

QuintenS

Maybe that's what I'll end up doing. I guess I will have to re-do this if a new user joins the organization with a Blackberry, but that might only be a few a year, so not a big deal. Thanks
 
J

John Grenfell

If you're interested you could run this to find mailboxes which don't have the rights assigned to USER2 ...change domain\USER2 to reflect your domainname\user ;o))
Get-Mailbox -ResultSize Unlimited | Get-ADPermission | Where-Object {($_.ExtendedRights -like " Send-As" -and $_.User -like " domain\USER2" )}

You could then pipe that into Add-ADPermission to assign the missing rights
Get-Mailbox -ResultSize Unlimited | Get-ADPermission | Where-Object {($_.ExtendedRights -like " Send-As" -and $_.User -like " domain\USER2" )} | Add-ADPermission -ExtendedRights Send-As -user USER2

Good luck and glad I could help.

J
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
S Can't copy the items. You don't have permission to create an entry in this folder. Right-click the f Using Outlook 1
D E-mails don't delete right away. Exchange Server Administration 3
C All Gmails don't show in Outlook 2019 Using Outlook 0
diver864 vba for a rule to automatically accept meeting requests with 'vacation' in subject, change to all-day event, change to free, don't send reply Outlook VBA and Custom Forms 1
L Favorites don't update Using Outlook 1
B Outlook Business Contact Manager with SQL to Excel, User Defined Fields in BCM don't sync in SQL. Can I use VBA code to copy 1 field to another? BCM (Business Contact Manager) 0
N Outlook rules don't create a copy for bcc'ed emails Using Outlook 3
C Don't forward duplicate Using Outlook 0
E Don't want Inbox shown when login box is shown Using Outlook 1
Jennifer Murphy Equations don't comply with style setting to left justify Using Outlook 0
E you don't have permission to perform this action exchange 2016 Exchange Server Administration 0
B Outlook 2016: Can't delete default calendar but I don't use it Using Outlook 7
B IMAP folders don't update when Outlook 365 opens Using Outlook 0
O Don't need any add-ins at all? Using Outlook 2
Diane Poremsky Pictures don't display in Outlook messages New Slipstick.com Articles 4
wisedave Office 365 Outlook - Emails send but don't receive Using Outlook 12
D Mail accounts don't show up in navigation pane Using Outlook 1
C iCloud addresses don't show up in "Address Book" or "To:" Using Outlook 5
U Subdirectories in people don't show up in the address book Using Outlook 1
M some emails send from outbox, some don't Using Outlook 10
Lucas attachments in outlook don't open, when Icloud is connected Using Outlook 0
J Share calendar but don't share categories Exchange Server Administration 1
J Graphics in email don Using Outlook 0
M Outlook 2013 folders - don't want to synchronize with email provider's server Using Outlook 15
H URL's don't work in .oft file Using Outlook 1
D My replies don't show up in my inbox Using Outlook 1
J RSS feeds don't get any messages Using Outlook 4
J Contact groups don't sync properly Using Outlook 7
M Don't have permission to schedule meetings on behalf Using Outlook 1
A Send only, don't receive Using Outlook 1
D iPhone Alerts Don't Show Up in Outlook Using Outlook 2
mrje1 mailto links in browsers don't open up outlook email Using Outlook 2
P Replied-to email messages don't sync properly Using Outlook.com accounts in Outlook 3
B Item_Write = False don't prevent custom form from closing Using Outlook 1
J Don't want my Comcast mail going to Outlook Using Outlook 1
R Outlook 2010 Sent emails don't appear in the sent mail folder Using Outlook 9
J Custom Forms Don't Always Auto-Forward From Public Folder Using Outlook 0
G Import pst but Calendar and Contacts don't show. Using Outlook 12
D appointments on To Do Bar don't reflect the correct Calendar Using Outlook 3
B Synced Yahoo to Outlook but don't want to receive all old emails in Outlook? Using Outlook 6
C error message: 'you don't have permission to create an entry in this folder' Using Outlook 3
J Microsoft Outlook Calendar - end time of appointment has started printing but don't want it to print Using Outlook 2
T Outlook Reminders Don't Sound When Windows is Locked Using Outlook 2
T Why don't my send button will not send mail from keyboard? Using Outlook 10
B Why don't my 'Contacts' properties stay?, (Outlook 2010 - Vista). Using Outlook 3
L OWA 2010 Don't want to Spell Check Signature Using Outlook 2
J I don't appear to have archiving in Outlook 2007 Using Outlook 2
M Folders don't open up quickly Using Outlook 4
K Recurring meetings don't show on calendar Outlook 2010 Using Outlook 1
S Office 2007 - Cannot open .pst (you don't have appropriate permission to perform this operation) Using Outlook 1

Similar threads

Top