Why doesn't the Exchange Management tools represent who has SEND AS permissions accurately?
Question
Answers
-
Hi Jason,
This may Exchange Management Tool it only search for the send as permission in AD, but when you use “full control” it show as “GenericAll” , so it will not show in EMC.
When you try to check for that, you can use this command to know the user who has been granted “full control” or “send as” permission:
Get-ADPermission –identity user | ?{ $_.ExtendedRights -like “Send-As” –or $_.AccessRights -like “GenericAll”} | select User, AccessRights, ExtendedRights
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
- Edited by Evan LiuModerator Friday, December 30, 2011 5:45 AM
- Proposed as answer by Evan LiuModerator Thursday, January 5, 2012 10:18 AM
- Marked as answer by JMeyer2009 Thursday, January 5, 2012 7:28 PM
All replies
-
Hi Jason,
Please use this to check whether the send as permission has been granted well:
Get-ADPermission –identity User | ?{ $_.Extendedrights -like “Send-As”} | select User, Extendedrights
If you can see the user and the send as right, please re-open EMC to check again for the issue.
If you cannot see it, I suggest you re-set for the send as permission, then use EMC to check again.
Manage Send As Permissions for a Mailbox
http://technet.microsoft.com/en-us/library/bb676368.aspx
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
Any updates on this issue?
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
Get-ADPermission is also a command in Exchange 2007, you can know more information from this document:
Get-ADPermission
http://technet.microsoft.com/en-us/library/bb125183(EXCHG.80).aspx
You also can use this command to check in Exchange 2007:
Get-ADPermission –identity User | ?{ $_.Extendedrights -like “Send-As”} | select User, Extendedrights
If you want to check all users that have been granted the “Send As” permission via Exchange or Active Directory, you can use this command:
Get-Mailbox| Get-ADPermission| ?{ $_.Extendedrights -like “Send-As”} | select identity, User, Extendedrights
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
- Edited by Evan LiuModerator Thursday, December 22, 2011 10:15 AM
-
Hi Jason,
How about the issue now?
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
In my lab, If you grant one user (group) send as permission on one account in AD, you can see the user (group) in EMC.
If you grant the permission in AD, but cannot see in EMC, use this command to do a check, check whether you can see the user (which has been given the send as permission):
Get-ADPermission –identity User | ?{ $_.Extendedrights -like “Send-As”} | select User, Extendedrights
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
Yes, in my lab, if you grant “full control” permission, the “send as” permission will not show in the EMC.
I think the way you grant the “send as” by “full control” will not show in EMC (I checked in Exchange 2007 SP3 and Exchange 2010 SP1).
If you want to check the AD permission (full control), you can use the command Get-ADPermission.
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
- Proposed as answer by Evan LiuModerator Thursday, January 5, 2012 10:18 AM
-
Hi Jason,
Any updates on this issue?
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
This may Exchange Management Tool it only search for the send as permission in AD, but when you use “full control” it show as “GenericAll” , so it will not show in EMC.
When you try to check for that, you can use this command to know the user who has been granted “full control” or “send as” permission:
Get-ADPermission –identity user | ?{ $_.ExtendedRights -like “Send-As” –or $_.AccessRights -like “GenericAll”} | select User, AccessRights, ExtendedRights
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
- Edited by Evan LiuModerator Friday, December 30, 2011 5:45 AM
- Proposed as answer by Evan LiuModerator Thursday, January 5, 2012 10:18 AM
- Marked as answer by JMeyer2009 Thursday, January 5, 2012 7:28 PM
-
Hi Jason,
How about the issue, any updates?
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
-
Hi Jason,
Any updates on this issue?
If you still have any question on this issue, please feel free to let me know.
Thanks,
Evan Liu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Evan Liu
TechNet Community Support
