This has been discussed many times, but I still haven't found a solution for our case. Affected users so far have been administrative, which makes me think it's something to do with the Protected Group issue where it removes every hour, the ability to send email. However these admins sent email just fine in the old domain, so I'm still not sure how that applies. I tried running the PS command to add the external domain\user with SendAs rights. For some reason, I can't see this in the EMC, but the EMS says it's there. ???? Added NT Authority/SELF as well under the EMC Full Access and Send As - no luck. To clarify, it's is the "Unable to send on BEHALF" message that we're getting, not the "Send As" - so maybe this is where I'm going wrong with the above commands. Also to clarify - the Exchange 2007 server still resides in the old domain, there is a full trust between them. Thank you for any suggestions!

Hi, As you noted Send As and Send on Behalf are two different permissions. Can you run: - Set-Mailbox UsersMailbox -GrantSendOnBehalfTo UserWhoSendsonBehalf Also send of behalf won't work if the mailboxes are hidden from any address lists. Sean Massey | Consultant, iUNITE Feel free to contact me through My Blog, Twitter or Hire Me. Please click the Mark as Answer or Vote As Helpful button if a post solves your problem or is helpful!

Castinlu, One clarification on your original post - everything you said is correct, that is our model. However what is the definnition of a "linked mailbox" - I didn't do anything to the mailboxes to link them to the domain. I have test users who moved over without incident and work fine without any meddling. However, other users who are getting the error message about not being able to send "on behalf of" the logged in user, when attempting to send an email from their Outlook client. thnx

hi, So the user account is reside in new forest and the mailbox is reside in old forest. For example: You have a user, his name is test. And his mailbox is test@exchange.com. Now you migrate the user to the new forest. But maibox still reside in the old forest. Can they send/receive message successful when you finish the migration? So i think your mailbox is linked mailbox. About exchange resource forest you can see this link:http://technet.microsoft.com/en-us/library/aa998031.aspx hope can help you thanks, CastinLu TechNet Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Hi, As you noted Send As and Send on Behalf are two different permissions. Can you run: - Set-Mailbox UsersMailbox -GrantSendOnBehalfTo UserWhoSendsonBehalf Also send of behalf won't work if the mailboxes are hidden from any address lists. Sean Massey | Consultant, iUNITE Sean, I can't get this to work. Does this command work with an user in another domain? There is a trust and users are accessing resources such as file shares in the old domain OK. I've tried the following syntax for UserWhoSendsOnBehalf: newdomain\user user@newdomain user@newdomain.local Error is: Object "Domain\User" could not be found. Please make sure that it was spelled correctly or specify a different object. At line:1 char:1 + <<<< set-mailbox -Identity user@domain.com -GrantSendOnBehalfTo DOMAIN\user + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException + FullyQualifiedErrorId : B08C1DB0 Any ideas? I also want to highlight - users do not have mailboxes in the new domain. The strange thing is, I have two non administrative test users who moved over OK and work just fine. Other production (administrative) users get the "Unable to send on behalf of" error when attempting to send email. They can access their mailboxes fine though. Thank you

Castinlu, Thanks for your posts. Are Linked Accounts required in a case like this? Users exist in both domains and accounts are active in both. SID History is working. Trust is working. Conditional DNS forwarding is enabled and working for each respective domain. What confuses me the most is I have two test accounts, that once copied to the new domain, can log into a new domain PC, with their new domain credentials, and automatically access their Exchange account in the old domain without problem. And send mail OK. Two other administrative users are similarily set up. They can access their email, but not send. Error is "unable to send on behalf of user". Why would two users work, and two not? The issue surrounding Protected Groups is in relation to SendAs, not SendOnBehalfOf. Thanks

hi, >>> Are Linked Accounts required in a case like this? Users exist in both domains and accounts are active in both. You should disable the account in old domain. Only leave the account in new domain is enabled. Grant the send on behalf permission see if it can work. >>>automatically access their Exchange account in the old domain without problem. And send mail OK. How about login in the new forest? >>>Two other administrative users are similarily set up. They can access their email, but not send. Error is "unable to send on behalf of user". Where do they login? Also old domain? Please post the whole NDR here and could you tell me more about the two administrative users. hope can help you thanks, CastinLu TechNet Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

hi, Any update? thanks, CastinLu TechNet Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Yes. The problem very simple. I misunderstood the syntax of the command: Set-Mailbox UsersMailbox -GrantSendOnBehalfTo UserWhoSendsonBehalf I was putting in the newdomain\user in place of the UserWhoSendsonBehalf - instead of simply the username (of the original domain, where Exchange resides). This seemed to fix the the problem right away. Thanks for your help

Yes. The problem very simple. I misunderstood the syntax of the command: Set-Mailbox UsersMailbox -GrantSendOnBehalfTo UserWhoSendsonBehalf I was putting in the newdomain\user in place of the UserWhoSendsonBehalf - instead of simply the username (of the original domain, where Exchange resides). This seemed to fix the the problem right away. Thanks for your help