locked
NT AUTHORITY\SELF Send-As permission missing RRS feed

  • Question

  • A linked mailbox was converted to a user mailbox. Something wasn't right so it was disconnected and reconnected.

    Now I'm checking it's permissions and I've got a bit of a difference comparing to a fully functional standard user mailbox:

    (the reconnected one):

    RunspaceId      : bc749f2e-977d-455c-8127-7d55a3cbb1c8
    AccessRights    : {FullAccess, ReadPermission}
    Deny            : False
    InheritanceType : All
    User            : NT AUTHORITY\SELF
    Identity        : <blablabla> (point to the correct user)
    IsInherited     : False
    IsValid         : True

    The standard one:

    RunspaceId      : bc749f2e-977d-455c-8127-7d55a3cbb1c8
    AccessRights    : {FullAccess, SendAs, ReadPermission}
    Deny            : False
    InheritanceType : All
    User            : NT AUTHORITY\SELF
    Identity        : <blablabla> (point to the correct user)
    IsInherited     : False
    IsValid         : True

    As you can see, the first one is missing the Send-As permission. Giving it with Add-ADPermission doesn't seem to fix it (the mailbox permissions doesn't change, while NT AUTH\SELF pops out in EMC\Manage Send As permission)

    Last thing: the user is able to send emails.

    How to restore the default setting, just to be sure everything will work right?

    Bye


    Dario Palermo

    Thursday, February 5, 2015 4:07 PM

All replies

  • I have to correct myself: all linked mailboxes doesn't have the SendAs item in the AccessRights line for NTAuth\SELF...

    Dario Palermo

    Thursday, February 5, 2015 4:10 PM
  • Hi,

    By default, Linked mailbox doesn’t have Send As permission on the mailbox.

    After we convert a linked mailbox to a user mailbox, we have to remove the FullAccess, ExternalAccount permissions from the mailbox.

    Set-User -Identity username@domain.com -LinkedMasterAccount $null

    Then try to add send as permission for this mailbox.

    Add-ADPermission -Identity "User Name" -User “NT AUTHORITY\SELF” -AccessRights ExtendedRight -ExtendedRights "Send As"

    If this issue persists, please let me know.

    Best Regards.

    Friday, February 6, 2015 7:55 AM
    Moderator
  • I followed the procedure, as you also point out.

    When I use ADD-ADPermission, I do not end up like a regular mailbox. On a regular mailbox, the Send-As permission shows up here:

    RunspaceId      : bc749f2e-977d-455c-8127-7d55a3cbb1c8
    AccessRights    : {FullAccess, SendAs, ReadPermission}
    Deny            : False
    InheritanceType : All
    User            : NT AUTHORITY\SELF
    Identity        : <blablabla> (point to the correct user)
    IsInherited     : False
    IsValid         : True

    And does not show up in EMC, manage Send-As permission.

    On a previously linked mailbox after conversion, the Send-As permission doesn't show here:

    RunspaceId      : bc749f2e-977d-455c-8127-7d55a3cbb1c8
    AccessRights    : {FullAccess, ReadPermission}
    Deny            : False
    InheritanceType : All
    User            : NT AUTHORITY\SELF
    Identity        : <blablabla> (point to the correct user)
    IsInherited     : False
    IsValid         : True

    but shows up in emc\manage send-as permissions

    Is it correct?

    bye


    Dario Palermo


    • Edited by Dario Palermo Friday, February 6, 2015 12:18 PM mistype
    Friday, February 6, 2015 12:18 PM