Asked by:
NT AUTHORITY\SELF Send-As permission missing

Question
-
A linked mailbox was converted to a user mailbox. Something wasn't right so it was disconnected and reconnected.
Now I'm checking it's permissions and I've got a bit of a difference comparing to a fully functional standard user mailbox:
(the reconnected one):
RunspaceId : bc749f2e-977d-455c-8127-7d55a3cbb1c8
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : <blablabla> (point to the correct user)
IsInherited : False
IsValid : TrueThe standard one:
RunspaceId : bc749f2e-977d-455c-8127-7d55a3cbb1c8
AccessRights : {FullAccess, SendAs, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : <blablabla> (point to the correct user)
IsInherited : False
IsValid : TrueAs you can see, the first one is missing the Send-As permission. Giving it with Add-ADPermission doesn't seem to fix it (the mailbox permissions doesn't change, while NT AUTH\SELF pops out in EMC\Manage Send As permission)
Last thing: the user is able to send emails.
How to restore the default setting, just to be sure everything will work right?
Bye
Dario Palermo
Thursday, February 5, 2015 4:07 PM
All replies
-
I have to correct myself: all linked mailboxes doesn't have the SendAs item in the AccessRights line for NTAuth\SELF...
Dario Palermo
Thursday, February 5, 2015 4:10 PM -
Hi,
By default, Linked mailbox doesn’t have Send As permission on the mailbox.
After we convert a linked mailbox to a user mailbox, we have to remove the FullAccess, ExternalAccount permissions from the mailbox.
Set-User -Identity username@domain.com -LinkedMasterAccount $null
Then try to add send as permission for this mailbox.
Add-ADPermission -Identity "User Name" -User “NT AUTHORITY\SELF” -AccessRights ExtendedRight -ExtendedRights "Send As"
If this issue persists, please let me know.
Best Regards.
Friday, February 6, 2015 7:55 AMModerator -
I followed the procedure, as you also point out.
When I use ADD-ADPermission, I do not end up like a regular mailbox. On a regular mailbox, the Send-As permission shows up here:
RunspaceId : bc749f2e-977d-455c-8127-7d55a3cbb1c8
AccessRights : {FullAccess, SendAs, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : <blablabla> (point to the correct user)
IsInherited : False
IsValid : TrueAnd does not show up in EMC, manage Send-As permission.
On a previously linked mailbox after conversion, the Send-As permission doesn't show here:
RunspaceId : bc749f2e-977d-455c-8127-7d55a3cbb1c8
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : <blablabla> (point to the correct user)
IsInherited : False
IsValid : Truebut shows up in emc\manage send-as permissions
Is it correct?
bye
Dario Palermo
- Edited by Dario Palermo Friday, February 6, 2015 12:18 PM mistype
Friday, February 6, 2015 12:18 PM