Some end users in your Exchange Server environment may have a requirement to “send as” a mailbox that they also need to remain hidden from the global address list. This scenario presents a few challenges.

Unable to Resolve Hidden Mailbox Names

The first is that the mailbox the person is sending as can’t be resolved from the address list when it is hidden. For example, here Alan Reid is trying to send on behalf of Alannah Shaw to all head office staff. However, despite typing out Alannah’s full email address as the “from” address is still does not resolve.

exchange-send-as-hidden-mailbox-01

One way to work around that issue is to temporarily un-hide the mailbox, allow the person to “send as” at least once, and then in future they are able to select the mailbox name from a cached list in the “From” drop down menu.

exchange-send-as-hidden-mailbox-07

Send on Behalf Permissions Error When Sending as a Hidden Mailbox

Another problem is that even when the “send as” permissions are correctly configured, after the mailbox is hidden from the address list the sender begins receiving undeliverable notifications.

exchange-send-as-hidden-mailbox-02

You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

A Solution for Sending As Hidden Mailboxes

This is one solution for these problems that I have tested and that appears to work. There may be other solutions as well, I’ve seen a few partial answers in forums and on other websites, but these specific steps are the ones that have worked for me. I can’t guarantee that some other factor in your environment won’t prevent this solution from working.

Thanks to Jeff Guillet for his tip that helped me with this.

To begin with the mailbox must be un-hidden and visible in the GAL. For cached-mode clients this also means that the change needs to makes its way through the normal chain of events before it is reflected in the offline address book on the client. If the person can see the mailbox in the Outlook address book then you can proceed to the next step.

exchange-send-as-hidden-mailbox-03

Next, have the end user (Alan Reid in this example) open a new email and type the mailbox name they wish to send as into the “To” field. After a few seconds it should resolve, or you can CTRL+K to speed it along.

Have the end user right-click the resolved name and choose Add to Outlook Contacts. This will add the mailbox to their personal contacts in their mailbox.

exchange-send-as-hidden-mailbox-05

Click Save & Close when the contact card opens up.

Hide the mailbox from the address list again. As before, for cached-mode clients there will be some delay (24-48 hours is not uncommon) before the changes are reflected in the OAB copy on the client.

Now send another email, choosing the hidden mailbox to send as. It should resolve from the contact that was added earlier.

exchange-send-as-hidden-mailbox-06

If there are previously cached entries in the From drop down list ignore those, and make sure you choose Other E-Mail Address and resolve the mailbox from the contact that was added.

exchange-send-as-hidden-mailbox-10

The email should be delivered this time without any error.

exchange-send-as-hidden-mailbox-09

Note, the Other E-Mail Address option must be used each time. Choosing the cached entry from the drop down list will result in an undeliverable message.

exchange-send-as-hidden-mailbox-11

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Leo

    Hey Paul, I used this trick today in the webinterface of Office365 and now I’m able to send mails as delegate with ‘sent as’ permissions on a resource box. The resource box is only for technical implementations and should be hidden from the addressbooks. 🙂
    I added the all the resources as contact to the delegate account, hid all the resources from adresbook, and could set up the email scripts.
    Thanks for your work!

  2. Jon

    Thanks for the write up. I tried this on Exchange 2013 CU9 and Outlook 2010 (non-cached mode). When trying to select the saved contact and add it to the “From” field, Outlook gives me an error:

    “Cannot perform the requested operation. The command selected is not valid for this recipient.”
    This error usually occurs when you attempt to view the calendar for a user who has one or more of the following issues:
    Is not part of your domain.
    Is not listed in the LDAP.
    Is not a member of your Exchange Server.
    Has not granted you the necessary permissions to view their calendar

    This workaround may have been stopped in the latest Exchange Cumulative Update?

    1. Brian

      Same issue here.

      Any updates that would prevent this from working?

      Thank you!

      1. Ralph Haney

        Same here. Bummer.

  3. Tom

    There isn’t a way for the contact to be saved in the cached addresses? You need to go to Other Email address and then find the contact everytime? Having to do this whole process seems like a huge oversight by Microsoft.

  4. Etienne

    Hello,

    To facilitate Exchange Admins work you can make it automatic.

    REMOVED

      1. Walliam

        Its a shame that Microsoft deigned to pull the pin on TechNet Script Gallery, a loss of great scripts.

  5. Marie Burke

    We are on Exchange 2003 and running Outlook 2007. I tried the above as having the same problem but there is no “other email address” option. Do you have a suggestion for someone running the combination we are? Thanks

    1. Gary Woods

      “other email address” option does not exist in 2007. Simply use From to go to the address book and pick the saved contact from their contacts file.

  6. Rob Shinwell

    For 2 days I’ve been working on this. I tried the “creating a contact” method but was getting inconsistent results until reading this. This article has been invaluable. Thanks Paul

  7. Rusty Shackleford

    I have had success using LegacyExchangeDN then control+K to list the name. It might not work for the everyday user because they need either EMS or ADSIEdit to acquire the LegacyExchangeDN. The again, I cannot imagine this will be an everyday request either. Peace.

    1. Chris Griffiths

      Bacon saved!

      Still a problem in 2017 with Exchange Online and Outlook 2016.

  8. Andres Canello [MSFT]

    To avoid waiting OAB Gen/Distribution/Download you may point the user to grab the Send-As user from the “All Users” Address List, that will force Outlook to hit the AB service running on a CAS.

    1. Paul Cunningham

      Good point Andres, thanks. I think that tip comes with the caveat that it will work as long as the OAB only includes the GAL and not the “All Users” address list as well. Which is the default configuration for an OAB, but some people do mess around with that.

      1. Andres Canello

        Yeah, but Outlook only downloads only one AL included in the OAB, either the GAL or any additional one, it was like that last time I tried. There’s been some bugs around that…

  9. Dame Luthas

    Great post Paul. I remember having a similar issue quite a while ago.

  10. Kottees

    Good trick Paul and Jeff, will try it out.

Leave a Reply