something wrong with security permissions


  • Dears, 

    I'm facing an issue which is exchange mail users can send on behalf without giving permission on exchange and without public delegated in AD.

    anyone can help>>>


    Sunday, March 19, 2017 6:32 AM

All replies

  • Hi.  I think you should be asking this on the Exchange forum. What version of Exchange are you using?  Have the users that can send on behalf of being granted permissions on that mailbox?  What AD groups are those users in? Also, could it be delegated access has been granted through Outlook itself on a client machine?

    Sunday, March 19, 2017 10:16 AM
  • no permission is granted on exchange and no public delegates on users nor outlook
    Sunday, March 19, 2017 10:23 AM
  • Are the users that have send on behalf of permissions in an Exchange or domain-related admin groups?
    Sunday, March 19, 2017 10:26 AM
  • no 
    Sunday, March 19, 2017 1:52 PM
  • The only other thing I can think of then is that the send on behalf permissions have been set using Exchange Management Shell. You can run this to see who had send on behalf permissions on a mailbox: Get-Mailbox -identity | fl *GrantSendOnBehalfTo You can then remove permissions. See here for more info - Please ensure you test this for applying to production mailboxes.
    Sunday, March 19, 2017 3:41 PM
  • i run this command but it returned nothing
    Monday, March 20, 2017 6:12 AM
  • update: pop3 only can send on behalf without permission in exchange,,
    Monday, March 20, 2017 9:48 AM
  • Hi,

    If every permission configured on user mailboxes/AD groups/Mail Users looks fine. You may try to re-create one of mail users for a test.

    Best Regards,

    TechNet Community Support

    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact

    Monday, March 20, 2017 10:18 AM
  • i created new pop3 account, it did the same issue
    Monday, March 20, 2017 12:50 PM
  • Hi. There are a few other checks you can try as per here - Hope that helps.
    Tuesday, March 21, 2017 12:09 AM
  • sorry it didn't
    Tuesday, March 21, 2017 6:41 AM
  • This issue always happens if the Anonymous Users group is enabled on the receive connector. Check the receive connector you use for SMTP, disable the Permission group Anonymous Users and enable the Exchange users group, like below:

    If you have multiple CAS servers, apply the change on all of them, then restart the Microsoft Exchange Frontend Transport service on these servers you make the change.

    Let us know if the issue persists so we can further help.

    Note: You may schedule a downtime to restart the service as it may temporarily affect the mail flow.

    Please remember to <b>mark the replies as answers</b> if they help. It will help other forum members to find the useful replies more easily, and inspire people to help each other.

    Monday, March 27, 2017 1:57 PM