Answered by:
Exchange 2007 - Send As Permission keeps on resetting after 30 mins to 1 hour

Question
-
Hi All,
We have a few users who need to send an email as user A; however every time we provide them send as permission, it keeps resetting back every after 30 mins-1 hour. I have also tried checking the" include the inheritable permissions but still no luck
Users was part of 2 security groups and we have already removed the security group itself. User A is part of an administration group and from what I have read on other forums I have set the admin count to "0", hoping that it would resolve the issue.
....but just in case anyone of you encountered and already resolved the issue, I'm posting this for some inputs..
Thanks in advance.
-Jheycie
Monday, September 10, 2012 11:08 AM
Answers
-
That behavior is by design as you found out, the workaround is in the article below.
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/kb/907434
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Monday, September 10, 2012 1:57 PM -
On Mon, 10 Sep 2012 11:08:17 +0000, jheycie wrote:>>>Hi All,>>We have a few users who need to send an email as user A; however every time we provide them send as permission, it keeps resetting back every after 30 mins-1 hour. I have also tried checking the" include the inheritable permissions but still no luck>>Users was part of 2 security groups and we have already removed the security group itself. User A is part of an administration group and from what I have read on other forums I have set the admin count to "0", hoping that it would resolve the issue.If "A" is still a member of a group that is "privileged" theadminCount will be set back to 1. You have to remove the user from anygroups (direct or transitive membership) that the adminSDHoldermanages.http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspxhttp://support.microsoft.com/kb/817433http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx>....but just in case anyone of you encountered and already resolved the issue, I'm posting this for some inputs..Permissions don't disappear on their own. ;-)---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP- Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM
Monday, September 10, 2012 2:07 PM -
On Wed, 12 Sep 2012 03:10:51 +0000, jheycie wrote:>Yes, it does say send on behalf, but this is after the permission for send as disappeared.>>I added her back on the setting and she was able to send again, but I am afraid that after 1 hour I need to place her as a delegate again.You can't have both "Send As" and "Send on behalf of" permission onthe same mailbox.>Can you help me on how to run the Dsacls.exe tool in exchange 2007 or is there a similar tool I can use?Dsacls.exe isn't an Exchange tool, it's an AD tool.http://technet.microsoft.com/en-us/library/cc771151(v=ws.10).aspx---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP- Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM
Wednesday, September 12, 2012 3:38 AM
All replies
-
That behavior is by design as you found out, the workaround is in the article below.
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/kb/907434
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Monday, September 10, 2012 1:57 PM -
On Mon, 10 Sep 2012 11:08:17 +0000, jheycie wrote:>>>Hi All,>>We have a few users who need to send an email as user A; however every time we provide them send as permission, it keeps resetting back every after 30 mins-1 hour. I have also tried checking the" include the inheritable permissions but still no luck>>Users was part of 2 security groups and we have already removed the security group itself. User A is part of an administration group and from what I have read on other forums I have set the admin count to "0", hoping that it would resolve the issue.If "A" is still a member of a group that is "privileged" theadminCount will be set back to 1. You have to remove the user from anygroups (direct or transitive membership) that the adminSDHoldermanages.http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspxhttp://support.microsoft.com/kb/817433http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx>....but just in case anyone of you encountered and already resolved the issue, I'm posting this for some inputs..Permissions don't disappear on their own. ;-)---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP- Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM
Monday, September 10, 2012 2:07 PM -
Thank you all for the input, however I am not quite sure how to use the Dsacls.exe in exchange 2007.
Also, if it would help I have asked the user to send the error report to me, and this is what it shows:
#MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #SMTP#
/O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=joanne #MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #EX#
Does this mean that this is caused of the user being a part of the first organization unit and an organization unit at the same time? Sorry for my ignorance, but consider this as a question from a newbie=)
Tuesday, September 11, 2012 11:05 AM -
thanks for the input too Rich, im still reading through some of them they definitely give me an idea..I will read and try again once I get home=)Tuesday, September 11, 2012 11:06 AM
-
On Tue, 11 Sep 2012 11:05:22 +0000, jheycie wrote:>Thank you all for the input, however I am not quite sure how to use the Dsacls.exe in exchange 2007.>>Also, if it would help I have asked the user to send the error report to me, and this is what it shows:>>#MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #SMTP#>> /O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=joanne #MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #EX#What does it say _above_ the diagnostic information? Does it mention"send on behalf"?Is the person you're trying to grant "Send As" permission already adelegate on the mailbox?>Does this mean that this is caused of the user being a part of the first organization unit and an organization unit at the same time?Say what?!>Sorry for my ignorance, but consider this as a question from a newbie=)---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVPWednesday, September 12, 2012 12:59 AM -
Hi Rich
Yes, it does say send on behalf, but this is after the permission for send as disappeared.
I added her back on the setting and she was able to send again, but I am afraid that after 1 hour I need to place her as a delegate again.
Can you help me on how to run the Dsacls.exe tool in exchange 2007 or is there a similar tool I can use?
Wednesday, September 12, 2012 3:10 AM -
On Wed, 12 Sep 2012 03:10:51 +0000, jheycie wrote:>Yes, it does say send on behalf, but this is after the permission for send as disappeared.>>I added her back on the setting and she was able to send again, but I am afraid that after 1 hour I need to place her as a delegate again.You can't have both "Send As" and "Send on behalf of" permission onthe same mailbox.>Can you help me on how to run the Dsacls.exe tool in exchange 2007 or is there a similar tool I can use?Dsacls.exe isn't an Exchange tool, it's an AD tool.http://technet.microsoft.com/en-us/library/cc771151(v=ws.10).aspx---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP- Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM
Wednesday, September 12, 2012 3:38 AM