In Exchange Server 2013 there are multiple methods you can use for granting Send As permissions for a mailbox.
Send As permissions can be granted using the Exchange admin center. Navigate to Recipients, then choose the type of recipient you want to grant Send As rights for (in this example I am using a shared mailbox called “Help Desk”). Click the Edit button to open the properties of the mailbox.
Select Mailbox Delegation, then click the + button for the Send As permissions and choose who you are granting the permissions to. Click Add then OK, and then Save to complete the task.
Note: You can add a user or group here. To use a group to grant Send As permissions, which may be easier in the long run, the group simply needs to be a Universal Security group. It does not need to be mail-enabled. However, you will need to use PowerShell to configure the permissions when adding a group.
To grant Send As permissions using PowerShell, use the Add-ADPermission cmdlet. Using PowerShell allows either a user or a Universal Security group to be given Send As permissions.
[PS] C:\>Get-Mailbox "Help Desk" | Add-ADPermission -User "Help Desk Team" -ExtendedRights "Send As"

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
exchange2013demo.... E2013DEMOHelp De...  False False
Remember, if you’re setting up a group for Send As permissions, new members of that group will need to log off and back on again before they can send as the mailbox.
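The grant above, extended into a check-grant-review sequence as an added example (not code from the original article). It assumes the Exchange Management Shell with the ActiveDirectory module available, and that the group's AD name is the "Help Desk Team" used above.

```powershell
# Added example. Assumes Exchange Management Shell on Exchange 2013 plus the
# ActiveDirectory (RSAT) module; names are the ones used in the article.
Import-Module ActiveDirectory

$mailboxName = "Help Desk"
$groupName   = "Help Desk Team"

# 1. Confirm the group exists and is a Universal Security group before granting.
$group = Get-ADGroup -Filter "Name -eq '$groupName'"
if (-not $group) {
    throw "Group '$groupName' was not found in Active Directory."
}
if ($group.GroupScope -ne "Universal" -or $group.GroupCategory -ne "Security") {
    throw "Group '$groupName' is $($group.GroupScope)/$($group.GroupCategory); expected Universal/Security."
}

# 2. Grant Send As only if an explicit allow entry for the group is not already present.
$mailbox  = Get-Mailbox -Identity $mailboxName
$existing = $mailbox | Get-ADPermission | Where-Object {
    ($_.ExtendedRights -like "*Send-As*") -and
    ($_.User -like "*\$groupName") -and
    (-not $_.IsInherited) -and (-not $_.Deny)
}
if (-not $existing) {
    $mailbox | Add-ADPermission -User $groupName -ExtendedRights "Send As"
}

# 3. Review every Send As entry on the mailbox (excluding the mailbox's own SELF
#    entry) so unexpected or inherited grants are visible.
$mailbox | Get-ADPermission |
    Where-Object { ($_.ExtendedRights -like "*Send-As*") -and ($_.User -notlike "NT AUTHORITY\SELF") } |
    Select-Object Identity, User, Deny, IsInherited |
    Format-Table -AutoSize

# 4. List who actually receives the right through group membership, including
#    members of nested groups.
Get-ADGroupMember -Identity $group -Recursive |
    Select-Object Name, SamAccountName, objectClass
```

Because the right follows group membership, step 4 is the list to review periodically; an entry in step 3 with IsInherited set to True was granted higher up (for example at the database level) rather than on the mailbox itself.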
I need to set up Service Desk (multiple accounts) with permissions to add/remove “Send as / Send On Behalf” to various mailboxes. I am going to create a Security Universal Group and add the Service Desk account to the group. What permissions do I have to set up for the group?
So I have “full access” and “send as” delegation and it works. Then a few weeks later I started getting
“This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified user. Error is [0x80070005-0x0004dc-0x000524].”
and the only workaround I have is to resend an old email.
How does one fix this error?
Same here… did you resolve this problem?
Is it the same for a Shared mailbox? What ManagementRole Assignment is needed for a Shared mailbox? Exchange 2013 CU6
My Helpdesk staff can set “Full Access” for both User and Shared mailboxes.
But they can only set “Send As” for User mailboxes not Shared mailboxes.
I want to send mail from a Security group. So I added myself to this group in AD and provided Send As to the group (Security tab -> add -> security group -> check the Send As permission) as well as myself (Advanced -> Security tab -> add my name -> checked Send As option).
It is shown in EMC cloud also, but I am not able to send.
I got the below error:
This message could not be sent. Try sending the message later or contact the network administrator.
permission to send the message on behalf of the specified user.
The scope of the group says the group has to be universal. Are there any known issues if I use global or domain local groups to grant send on behalf or send as permissions?
I had global groups with send on behalf and send as permissions before upgrading to CU10, and lately I’m getting complaints from users as sometimes they get NDRs saying they don’t have permissions. Nothing else changed apart from the CU10 upgrade, so I’m wondering if I should change the scope of the groups from global to universal.
I have set my help desk users up with the Recipient Management role. They are unable to set the Send As delegation on other users. I was sure they could do this until I applied CU8 to my Exchange 2013 environment. Any thoughts?
I am trying to give a user account Full Access to the Exchange database (Receive-As, Send-As).
get-mailboxdatabase | add-adpermission -user "marco" -Accessrights GenericAll -Extendedrights Receive-As, Send-as
I see this user on all mailboxes beneath Full Access but unfortunately not beneath Send As.
Also it is not possible to send as other users.
Is this normal behavior?
If I set this on the mailboxes themselves it works.
Thanks in advance
I don’t recommend trying to set it at the database level.
I believe you can give user rights on all “future mailboxes”. If I create a new mailbox, rights are automatically configured.
I made it, but I don’t remember how.. Do you know?
You’ve probably set it at the database level, which I don’t recommend.
OK, I know I have seen this before. My issue is that I have help desk users who cannot grant this permission in Exchange 2013. I remember reading somewhere that the trick was to assign this to an individual OR to a group, but the group had to be a universal group. Can someone help refresh my memory about what the command in PowerShell would be for this?
Yes, if you grant Send As to a group (which must be a Universal Security Group – whether it is mail-enabled or not doesn’t matter), then your Help Desk could just manage the membership of that group rather than having to grant Send As rights to individuals.
Would the same hold true for granting FullAccess and SendOnBehalfOf?
Yes, should be the same.
Great post Paul!
For anyone with a good understanding of customising OWA (and the dangers involved), I have written some instructions to allow users to make these changes to full access, send as and send on behalf of permissions, to their own mailboxes. Would love to know what you think!