It isn't something to do with AD Security Permissions? I know that if a user needs to use a Mobile device to connect to their emails then I need to give them allow access to Create msExchActiveSyncDevices objects and Delete msExchActiveSyncDevices objects
Wanted I wanted to see was the actual email addresses so I can see what's going on. I know you have edited by giving the description but I wanted to verify. Can you PM me?
It says it's too long, can you PM your email address please?
cant seem to send a PM, will try again.
I have been having the same issues and found your forum looking for the answer. I just worked through the issue and wanted to let you all know what I did...
Originally Posted by darrenmcginnis
My symptoms: Trying to Send As another mailbox user for which the sending user had full access permissions. This was not an issue testing from my login which is a Domain Admin. Received all variations of no access to send as the specified user when testing from non-Domain Admin accounts.
Exchange - User must have full access permission and send on behalf permission. Send As permission not required. (the send as was not needed for the domain admin account. Inheritance setting were the same between the Domain User and Domain Admin accounts.)
Outlook - Open Mail from Control Panel and delete the existing profile. Create a new profile named Outlook and add your primary account. Choose "Add another account" after your primary account has been configured and add the account for which you've given yourself/the user full access/send on behalf permissions. This worked for cached exchange mode.
Open Outlook. You'll see the second account listed twice. Close Outlook. Open Outlook. The second listing will have dropped off. Click the second account and start a new message. The From should already be set as the secondary account.
In addition you may configure Signatures for each account. The signature will change depending on which account you start the message from, or for whichever account you choose the message to be From once composing.
NOTE: Another little nugget I learned along the way is that the account/s you wish to send on behalf of MUST NOT be hidden from the Address Lists.
Hope this helps someone!
Does anyone have a solution for the original problem? I'm having the exact same situation - some of my users cannot use SendAs while others can. SendOnBehalfOf is no option in our environment.
The problems started after applying SP3 RU2 to all of our EX2010. We have over 60 DCs, some 24 EX with CAS/HUB/MBX roles and 1 DAG, 8 MBX only in 2 stretched DAGs, 6 CAS/HUB only behind LoadBalancers.
Removing the address we want to send as and re-adding works for just one email, as described by the others having this problem, but this is not really an option, for sure.
If someone has a hint where to look for, I'd be glad.
1) does it work from webmail?
2) disable outlook autocomplete and try again adding the email specifically by selecting from the address book not typing by self
2) disable outlook autocomplete and try again adding the email specifically by typing and not from the address book
Yes, it does work each time. But whats notable: The address in question is disappearing from the From: Button, so I have to re-enter it each time I compose a new message. With other accounts, from which the users can SendAs as wanted, the SendAs-addresses do NOT disappear.
Originally Posted by Demarcation
None of the above change the behaviour: The first email gets send correctly, the following don't.
Originally Posted by Demarcation
Remarkably, when I delete and re-add the permission over and over, sending emails using the SendAs right at some point works ok. This is not reproducable - sometimes it takes 3 tries, sometimes 6, some work from the very start. Not the game I can play with my users.
Remarkable might be, that the SendAs addresses in question are in fact contacts, not mailboxes. SendAs on mailboxes works all the time for every user. If it wouldn't, we'd be at a loss, because none of my users actually use the account they're logged in with to send emails, but use a second mailbox the have FullAccess to and the SendAs right for. It's just some contacts that can't be used as SendAs.
We used to set the SendAs right via Add-ADPermission, which after applying SP3 RU2 is not usable anymore. Trying Add-ADPermission throws an Error 5, "Permission denied", no matter which admin tries to use it. Even Exchange Organization Admins cannot set the SendAs right via Add-ADPermission, so we have to use the security tab in ADUC. I don't know if this has something to do with the problem of being unable to actually *use* the SendAs right, but it sounds strange that we cannot set it for contacts and not use it with contacts, so there might be a connection between the two errors.
Any hint would be greatly appreaciated.
I finally got this working just recently, I think it was linked to it not finding it in the Global Address List. Are the email accounts you are trying to SendAs visible and available in the GAL?
I resolved this. In fact, it has something to do with the address lists, but nothing one could have expected:
We're using Outlook 2010. When Outlook wants to send a message one has SendAs rights onto, it does not simply give the address to the mailbox server in question, which would be sufficient, but instead it seems to pass a pointer to the entry in the address list the entry derives from. Having Outlook configured in the way that it starts searching in a customized address list and NOT letting it continue the search in the global address list makes it merely impossible to use addresses from the global address list as SendAs addresses. You have to put those addresses in the customized address list.
This is complete nonsense, because Outlook could have let the mailbox server decide wether to accept the message or not (which in fact it does in cached mode!), but I guess we have to live with it.