Remove From My Forums

Grant send as on Distribution group Access Denied

Question

0

Sign in to vote

Hi All,

the following command working on Exchange 2007 but not Exchange 2010.

Get-distributionGroup "Group A" | Add-adpermission -user "UserB" -AccessRights exntendright -extendrights "Send-as"

In Exchange 2010, it will have error "This error is not retriable. Additional information " Access is Denied"

I know I can modify in ADUC, ->security

but if ok, i would like to grant using powershell

Wednesday, November 20, 2013 7:18 AM

Reply

|

Quote

Answers

0

Sign in to vote
Hello,

RBAC can be used to provide granular permissions to anyone/anygroup and with RBAC you need to create a management role group and associate role group policies to it and add users accordingly. However, since we are talking about the "Top Most" level of permissions - Organizational Management. Does not matter what you do, when someone is an Organizational Managment group member, FULL permissions will be allowed to that ID - this is by design.

Simply put - you cannot edit the Organizational Management role assignments and policies.

best!
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Regards, Siva
- Marked as answer by Simon_WuMicrosoft contingent staff, Moderator Saturday, December 07, 2013 6:22 PM
Thursday, November 21, 2013 3:03 PM

Reply

|

Quote

All replies

0

Sign in to vote

Please post the exact command and the exact error message you receive. What you posted is in error.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Wednesday, November 20, 2013 7:25 AM

Reply

|

Quote

0

Sign in to vote

HI the command and error are on the 1st post.

Wednesday, November 20, 2013 9:38 AM

Reply

|

Quote

0

Sign in to vote

You will need Organization Management rights to make this change. Do you have those rights?
HossFly, Exchange Administrator

Wednesday, November 20, 2013 7:56 PM

Reply

|

Quote

0

Sign in to vote

Hello, the error is because of the AD parameter in the command. You need to have sufficient permissions to invoke AD parameters in your PS command. AD commands could simply be permissions on the AD OU that the Group resides. You can easily check with getting with your domain admins and ask them to delegate permissions for your ID on the AD OU and try again. Also, you must be an Org Admin wiht Exchange.

Make sure to check any GPO's restricting the AD OU for ACL changes.

One thing I noticed is your command is incorrect - please use this one

Add-ADPermission -Identity "SourceMailbox" -User "DestinationMailbox" -AccessRights ExtendedRight -ExtendedRights "send as"

Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Regards, Siva

Wednesday, November 20, 2013 9:17 PM

Reply

|

Quote

0

Sign in to vote

Hello,

I am using the domain admin to run and I can use the ADUC to update the permission. On the other hand, I have exchange 2007 and exchange 2010 on the production, and I can run the command on Exchange 2007 and for mailbox 2010, also work

My acct didn't have exchange Organization Management , if it requirement the role of organization Management, do u know how to customize the role so that we can update group permission without let the acct to modify global setting

Thanks

Thursday, November 21, 2013 5:37 AM

Reply

|

Quote

0

Sign in to vote
Hello,

RBAC can be used to provide granular permissions to anyone/anygroup and with RBAC you need to create a management role group and associate role group policies to it and add users accordingly. However, since we are talking about the "Top Most" level of permissions - Organizational Management. Does not matter what you do, when someone is an Organizational Managment group member, FULL permissions will be allowed to that ID - this is by design.

Simply put - you cannot edit the Organizational Management role assignments and policies.

best!
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Regards, Siva
- Marked as answer by Simon_WuMicrosoft contingent staff, Moderator Saturday, December 07, 2013 6:22 PM
Thursday, November 21, 2013 3:03 PM

Reply

|

Quote