locked
Unable to set send-as permissions because of hundrets of duplicate permissions RRS feed

  • Question

  • hello,

    we are unable to set send-as permissons to mailboxes where more than 10 users already habe send-as permissions.

    when i use get-adpermission -identity "mailbox_abc" i get 4309 lines with permissions. But most are duplicates. every permission is set 31 times.

    when i remove a user there are 4278 lines, when i add an user there are 4309 lines.

    it seems that every account has between 1000 and 4000 permission lines

    when i use the GUI i only see 10 different permissions

    how can i fix it?

    thankyou in advance boris

    Tuesday, July 29, 2014 3:39 PM

Answers

  • Hi,

    If possible, please collect the Send As permission user list in Exchange Management Console:

    Open EMC > expand Recipient Configuration > Mailbox. Right-click mailbox_abc and click Manage Send As Permission. Back up the information there.

    Then we can go to Active Directory Users and Computers to check send as permissions for Mailbox_abc:

    1. In ADUC, expand domain.com and click Users.

    2. Right-click mailbox_abc, select Properties.

    3. In Security tab, check whether the permission for 5 users SAMPLE\gka, SAMPLE\ma, SAMPLE\zr, SAMPLE\fh, SAMPLE\MT are only set to Send As.

    4. If so, please remove these 5 Users. Then run the command I posted above to check Send As permission now.

    5. If there are no duplicate lines, please add the users back to have a try.

    Regards,


    Winnie Liang
    TechNet Community Support

    Thursday, July 31, 2014 2:27 AM
    Moderator

All replies

  • Hi,

    To view Send As permission to a specific mailbox, we can use the following command to get it:

    Get-ADPermission -Identity "mailbox_abc" | ?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self")} | select identity,user

    Then check whether the results are the same as user lists who have send as permission in GUI.

    If you want to set Send as permission for a user, we can use the following command:

    Add-ADPermission -Identity “mailbox_abc” -User UserA -Extendedrights "Send As"

    If there is any further question, please feel free to let me know.

    Regards,


    Winnie Liang
    TechNet Community Support

    Wednesday, July 30, 2014 5:30 AM
    Moderator
  • my problem are the hundreds of duplicates

    this is the output

    Get-ADPermission -Identity "mailbox_abc" | ?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self")} | select identity,user

    Identity                                                    User
    --------                                                    ----
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
    sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT

    alltogether 4300 duplicate lines but only 5 different accounts

    rg. borris

    Wednesday, July 30, 2014 12:07 PM
  • Hi,

    If possible, please collect the Send As permission user list in Exchange Management Console:

    Open EMC > expand Recipient Configuration > Mailbox. Right-click mailbox_abc and click Manage Send As Permission. Back up the information there.

    Then we can go to Active Directory Users and Computers to check send as permissions for Mailbox_abc:

    1. In ADUC, expand domain.com and click Users.

    2. Right-click mailbox_abc, select Properties.

    3. In Security tab, check whether the permission for 5 users SAMPLE\gka, SAMPLE\ma, SAMPLE\zr, SAMPLE\fh, SAMPLE\MT are only set to Send As.

    4. If so, please remove these 5 Users. Then run the command I posted above to check Send As permission now.

    5. If there are no duplicate lines, please add the users back to have a try.

    Regards,


    Winnie Liang
    TechNet Community Support

    Thursday, July 31, 2014 2:27 AM
    Moderator
  • Hi,

    Any updates?

    Regards,


    Winnie Liang
    TechNet Community Support

    Monday, August 4, 2014 7:42 AM
    Moderator