Exchange 2007 - Send As Permission keeps on resetting after 30 mins to 1 hour

All replies

• 

  

  0

  Sign in to vote

  That behavior is by design as you found out, the workaround is in the article below.

  The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server

  http://support.microsoft.com/kb/907434

  ---

  James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

  • Proposed as answer by Castinlu Tuesday, September 11, 2012 3:09 AM
  • Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM

  Monday, September 10, 2012 1:57 PM
• 

  

  0

  Sign in to vote

  On Mon, 10 Sep 2012 11:08:17 +0000, jheycie wrote:

   

  >

  >

  >Hi All,

  >

  >We have a few users who need to send an email as user A; however every time we provide them send as permission, it keeps resetting back every after 30 mins-1 hour. I have also tried checking the" include the inheritable permissions but still no luck

  >

  >Users was part of 2 security groups and we have already removed the security group itself. User A is part of an administration group and from what I have read on other forums I have set the admin count to "0", hoping that it would resolve the issue.

   

  If "A" is still a member of a group that is "privileged" the

  adminCount will be set back to 1. You have to remove the user from any

  groups (direct or transitive membership) that the adminSDHolder

  manages.

   

   

  http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx

  http://support.microsoft.com/kb/817433

  http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx

   

   

  >....but just in case anyone of you encountered and already resolved the issue, I'm posting this for some inputs..

   

  Permissions don't disappear on their own. ;-)

   

  ---

  Rich Matheisen

  MCSE+I, Exchange MVP

   

  ---

  --- Rich Matheisen MCSE+I, Exchange MVP

  • Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM

  Monday, September 10, 2012 2:07 PM
• 

  

  0

  Sign in to vote

  Thank you all for the input, however I am not quite sure how to use the Dsacls.exe in exchange 2007.

  Also, if it would help I have asked the user to send the error report to me, and this is what it shows:
  

  #MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #SMTP#

   /O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=joanne #MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #EX#

  Does this mean that this is caused of the user being a part of the first organization unit and an organization unit at the same time? Sorry for my ignorance, but consider this as a question from a newbie=)

  Tuesday, September 11, 2012 11:05 AM
• 

  

  0

  Sign in to vote

  thanks for the input too Rich, im still reading through some of them they definitely give me an idea..I will read and try again once I get home=)
  

  Tuesday, September 11, 2012 11:06 AM
• 

  

  0

  Sign in to vote

  On Tue, 11 Sep 2012 11:05:22 +0000, jheycie wrote:

   

  >Thank you all for the input, however I am not quite sure how to use the Dsacls.exe in exchange 2007.

  >

  >Also, if it would help I have asked the user to send the error report to me, and this is what it shows:

  >

  >#MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #SMTP#

  >

  > /O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=joanne #MSEXCH:MSExchangeIS:/DC=local/DC=loopartners:LNP-EXCH-2K7[578:0x000004DC:0x0000001D] #EX#

   

  What does it say _above_ the diagnostic information? Does it mention

  "send on behalf"?

   

  Is the person you're trying to grant "Send As" permission already a

  delegate on the mailbox?

   

  >Does this mean that this is caused of the user being a part of the first organization unit and an organization unit at the same time?

   

  Say what?!

   

  >Sorry for my ignorance, but consider this as a question from a newbie=)

   

  ---

  Rich Matheisen

  MCSE+I, Exchange MVP

   

  ---

  --- Rich Matheisen MCSE+I, Exchange MVP

  Wednesday, September 12, 2012 12:59 AM
• 

  

  0

  Sign in to vote

  Hi Rich

  Yes, it does say send on behalf, but this is after the permission for send as disappeared.

  I added her back on the setting and she was able to send again, but I am afraid that after 1 hour I need to place her as a delegate again.

  Can you help me on how to run the Dsacls.exe tool in exchange 2007 or is there a similar tool I can use?

  
  

   

  Wednesday, September 12, 2012 3:10 AM
• 

  

  0

  Sign in to vote

  On Wed, 12 Sep 2012 03:10:51 +0000, jheycie wrote:

   

  >Yes, it does say send on behalf, but this is after the permission for send as disappeared.

  >

  >I added her back on the setting and she was able to send again, but I am afraid that after 1 hour I need to place her as a delegate again.

   

  You can't have both "Send As" and "Send on behalf of" permission on

  the same mailbox.

   

  >Can you help me on how to run the Dsacls.exe tool in exchange 2007 or is there a similar tool I can use?

   

  Dsacls.exe isn't an Exchange tool, it's an AD tool.

   

  http://technet.microsoft.com/en-us/library/cc771151(v=ws.10).aspx

   

  ---

  Rich Matheisen

  MCSE+I, Exchange MVP

   

  ---

  --- Rich Matheisen MCSE+I, Exchange MVP

  • Marked as answer by Castinlu Monday, September 24, 2012 2:29 AM

  Wednesday, September 12, 2012 3:38 AM