Some end users in your Exchange Server environment may have a requirement to “send as” a mailbox that they also need to remain hidden from the global address list. This scenario presents a few challenges.
Unable to Resolve Hidden Mailbox Names
The first is that the mailbox the person is sending as can’t be resolved from the address list when it is hidden. For example, here Alan Reid is trying to send on behalf of Alannah Shaw to all head office staff. However, despite typing out Alannah’s full email address as the “from” address, it still does not resolve.
One way to work around that issue is to temporarily un-hide the mailbox, allow the person to “send as” at least once, and then in future they are able to select the mailbox name from a cached list in the “From” drop down menu.
Send on Behalf Permissions Error When Sending as a Hidden Mailbox
Another problem is that even when the “send as” permissions are correctly configured, after the mailbox is hidden from the address list the sender begins receiving undeliverable notifications.
You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
A Solution for Sending As Hidden Mailboxes
This is one solution for these problems that I have tested and that appears to work. There may be other solutions as well; I’ve seen a few partial answers in forums and on other websites, but these specific steps are the ones that have worked for me. I can’t guarantee that some other factor in your environment won’t prevent this solution from working.
Thanks to Jeff Guillet for his tip that helped me with this.
To begin with, the mailbox must be un-hidden and visible in the GAL. For cached-mode clients this also means that the change needs to make its way through the normal chain of events before it is reflected in the offline address book on the client. If the person can see the mailbox in the Outlook address book then you can proceed to the next step.
Next, have the end user (Alan Reid in this example) open a new email and type the mailbox name they wish to send as into the “To” field. After a few seconds it should resolve, or you can press CTRL+K to speed it along.
Have the end user right-click the resolved name and choose Add to Outlook Contacts. This will add the mailbox to their personal contacts in their mailbox.
Click Save & Close when the contact card opens up.
Hide the mailbox from the address list again. As before, for cached-mode clients there will be some delay (24-48 hours is not uncommon) before the changes are reflected in the OAB copy on the client.
Now send another email, choosing the hidden mailbox to send as. It should resolve from the contact that was added earlier.
If there are previously cached entries in the From drop down list ignore those, and make sure you choose Other E-Mail Address and resolve the mailbox from the contact that was added.
The email should be delivered this time without any error.
Note, the Other E-Mail Address option must be used each time. Choosing the cached entry from the drop down list will result in an undeliverable message.
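The administrator's side of the steps above, as an added example that is not part of the original article: it checks that an explicit Send As grant exists before visibility is changed, then un-hides and re-hides the mailbox. It assumes the on-premises Exchange Management Shell; the two aliases are constructed sample values and `Get-SendAsState` is a hypothetical helper name.

```powershell
# Run in the Exchange Management Shell (on-premises Exchange).
# Identities are constructed sample values; each alias is assumed to equal the sAMAccountName.
$Mailbox  = 'alannah.shaw'   # mailbox that must stay hidden
$Delegate = 'alan.reid'      # user who needs to send as it

function Get-SendAsState {
    # Hypothetical helper: reports visibility and who can send as / on behalf of the mailbox.
    param([Parameter(Mandatory=$true)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity
    # Explicit allow entries only: skip inherited and deny ACEs and the mailbox's own SELF entry.
    $sendAs = Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            (-not $_.IsInherited) -and (-not $_.Deny) -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        }

    [pscustomobject]@{
        Mailbox          = $mbx.PrimarySmtpAddress
        HiddenFromGAL    = $mbx.HiddenFromAddressListsEnabled
        LegacyExchangeDN = $mbx.LegacyExchangeDN
        SendAsTrustees   = @($sendAs | ForEach-Object { $_.User.ToString() })
        SendOnBehalfTo   = @($mbx.GrantSendOnBehalfTo | ForEach-Object { $_.ToString() })
    }
}

# 1. Confirm the permission first, so a later NDR is not a plain permissions gap.
$state = Get-SendAsState -Identity $Mailbox
$state | Format-List
if (-not ($state.SendAsTrustees -match [regex]::Escape($Delegate))) {
    Write-Warning "$Delegate has no explicit Send As grant on $Mailbox"
}

# 2. Un-hide so the user can resolve the name and save it to Outlook Contacts.
Set-Mailbox -Identity $Mailbox -HiddenFromAddressListsEnabled $false
Read-Host 'Press Enter once the user has saved the contact'

# 3. Hide the mailbox again and confirm the flag.
Set-Mailbox -Identity $Mailbox -HiddenFromAddressListsEnabled $true
Get-SendAsState -Identity $Mailbox | Format-List Mailbox, HiddenFromGAL
```

In Exchange Online, Send As grants are read with `Get-RecipientPermission` rather than `Get-ADPermission`.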
Hey Paul, I used this trick today in the web interface of Office365 and now I’m able to send mails as delegate with ‘sent as’ permissions on a resource box. The resource box is only for technical implementations and should be hidden from the address books. 🙂
I added all the resources as contacts to the delegate account, hid all the resources from the address book, and could set up the email scripts.
Thanks for your work!
Thanks for the write up. I tried this on Exchange 2013 CU9 and Outlook 2010 (non-cached mode). When trying to select the saved contact and add it to the “From” field, Outlook gives me an error:
“Cannot perform the requested operation. The command selected is not valid for this recipient.”
This error usually occurs when you attempt to view the calendar for a user who has one or more of the following issues:
Is not part of your domain.
Is not listed in the LDAP.
Is not a member of your Exchange Server.
Has not granted you the necessary permissions to view their calendar
This workaround may have been stopped in the latest Exchange Cumulative Update?
Same issue here.
Any updates that would prevent this from working?
Thank you!
Same here. Bummer.
There isn’t a way for the contact to be saved in the cached addresses? You need to go to Other Email address and then find the contact every time? Having to do this whole process seems like a huge oversight by Microsoft.
The last sentences of the article answer your question. And yes, it’s a bit painful and you’d think there was a better way, but such is life.
Hello,
To facilitate Exchange Admins work you can make it automatic.
REMOVED
Please don’t post big blocks of code in comments here, it makes a mess of the page layout. If you’ve got scripts to share there are plenty of ways to do that, eg TechNet Script Gallery, Github, your own blog, etc.
It’s a shame that Microsoft deigned to pull the pin on TechNet Script Gallery, a loss of great scripts.
There are lots of scripts available in GitHub. And when scripts are in GitHub, they tend to be supported and updated. Have a browse through https://github.com/12Knocksinna/Office365itpros
We are on Exchange 2003 and running Outlook 2007. I tried the above as having the same problem but there is no “other email address” option. Do you have a suggestion for someone running the combination we are? Thanks
Not really. I don’t have any Outlook 2007 clients to test with. Perhaps it simply doesn’t have that option.
“other email address” option does not exist in 2007. Simply use From to go to the address book and pick the saved contact from their contacts file.
For 2 days I’ve been working on this. I tried the “creating a contact” method but was getting inconsistent results until reading this. This article has been invaluable. Thanks Paul
You’re welcome.
I have had success using LegacyExchangeDN then control+K to list the name. It might not work for the everyday user because they need either EMS or ADSIEdit to acquire the LegacyExchangeDN. Then again, I cannot imagine this will be an everyday request either. Peace.
Yeah, this has always been something I’ve needed to set up for them, and walk them through, and even provide a one page cheat sheet for when they inevitably forget the important step of not using the autocomplete entry.
Bacon saved!
Still a problem in 2017 with Exchange Online and Outlook 2016.
To avoid waiting for OAB Gen/Distribution/Download, you may point the user to grab the Send-As user from the “All Users” Address List; that will force Outlook to hit the AB service running on a CAS.
Good point Andres, thanks. I think that tip comes with the caveat that it will work as long as the OAB only includes the GAL and not the “All Users” address list as well. Which is the default configuration for an OAB, but some people do mess around with that.
Yeah, but Outlook downloads only one AL included in the OAB, either the GAL or any additional one; it was like that last time I tried. There have been some bugs around that…
Great post Paul. I remember having a similar issue quite a while ago.
Good trick Paul and Jeff, will try it out.