May 12 2010

“Manage Send As Permissions” issue in Exchange 2010

Category: English posts,TechnicalRpx @ 12:33

For the past 2 days I’ve been bashing my head against the desk because of an issue with granting “Send as” permissions to mailboxes in MS Exchange 2010.

The setup is quite standard, with MS Exchange being installed on a machine joined to a domain (not installed on the Domain Controller itself). Every time I wanted to grant "Send as” permissions to a mailbox, an error would be generated.

Error:

Active Directory operation failed on <domain controller>. This error is not retriable. Additional information: Access is denied.

Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insuffiecient access rights.

Exchange Management Shell command attempted:

Add-ADPermission –Identity ‘CN=<foo>,DC=<bar>’ –User ‘NT AUTHORITY\SELF’ –ExtendedRights ‘Send-as’

Tracing and debugging lead me to reveal an obscure bug in the Active Directory Forest preparation process. It seems that Exchange Prep Tool does not grant inheritance properites to Active Directory objects, thus leading to missing permissions on user accounts.

In order to fix this, the following steps need to be taken:

1. Open the “Active Directory Users and Computers” tab in the Server Manager, on the Domain Controller and navigate to the “Users” folder.

2. From the View menu, click “Advanced Features

3. Open the properties window for each user you wish to grant access to and go to the “Security” tab.

4. Click on “Advanced”, and in the new window, make sure the “Include inheritable permissions from this object’s parent” checkbox is active. This should be active by default when the user is created, but somehow, it manages to be unchecked at times.

This should do it. Repeat the procedure for all the users who need "Send as" permission on their mailboxes.

Tags: ,

2 Responses to ““Manage Send As Permissions” issue in Exchange 2010”

  1. Mr Blue says:

    Ce enervante sunt drepturile pe windows server 2008, imi plac prezentarile de la microsoft unde aceste implementari merg struna

  2. Rpx says:

    Daaaaaa…. super prezentările lor, și bullshit-urile cu simplitatea în configurare.

    Dintre toate cele instalate până acum, singurul care a mers “out of the box” a fost MS SQL Server 2008. În rest, toate au avut nevoie de mici “ajustări” pentru a funcționa.

Leave a Reply