Exchange 2003 - Send on behalf question
In case of send as permission on a mailbox/PF I can add security groups and users. But in case send on behalf I can add only users not groups. Can someone explain me the reason? Is there any work around?
For mailbox I can assign send on behalf to groups using outlook by adding the mail enabled security group to delegate tab, else i can use ADSIEDIT. What about public folders?
August 27th, 2009 11:24pm
"send on behalf of" can only be granted to a mailbox, such as a user or a resource mailbox. Since a distribution list is not a mailbox but merely a list, you can not send "on behalf of" that list, no. It is a list of people you send mail TO which then gets distributed to all who are memebers of that list. Instead create a resource mailbox and then you can grant "send on behalf of" permissions to whomever you wish. For mailbox I can assign send on behalf to groups using outlook by adding the mail enabled security group to delegate tab, The above is the workaround. Same is defined in the below KB. http://support.microsoft.com/kb/273459 Public folders donot have the feature of send on behalf of but you can use the Send As feature. and you can create Security Group and grant Send As rights on Public FolderVinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2009 4:37pm
I think you misunderstood my question or i am not explaining it well. Let me try again.
We will take the case of a resource mailbox. Suppose if I need to assign send as permission for multiple users to this mailbox. I can create a security group and add the users who want permission to it. If we assign send as and full mailbox permission to this list on mailbox. This will allow all the users in that list to access the mailbox and send as the mailbox. But this will not work in case of send on behalf permission, when you try to add permission, we will not be able to select the groups for assigning permission.
This isby design but I would like to know if there any reason behind it.
Public folders donot have the feature of send on behalf of but you can use the Send As feature
Your above statement is wrong, we will be able to assign send on behalf permission to mail enabled PF but permission can be given only to user not for security group.
August 31st, 2009 12:00pm
That is what i said in my comment above. "send on behalf of" can only be granted to a mailbox, such as a user or a resource mailbox. Since a distribution list/group is not a mailbox but merely a list, you can not send "on behalf of" that list. my bad. the Pf's do have "Send on behalf of user " and same rules apply to the PF'sVinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2009 12:10pm
Hi, You can also use adsiedit.msc tool to grant send on behalf of permission:1. Open ADSIEDIT.MSC2. Add the distinguished name of the security group in the "publicDelegates" attribute of the user account on which we want to grand the send on behalf of permission to the security group3. Force the replication among DCsThanks,Mike
August 31st, 2009 1:44pm
Hello,If I understand it correctly, what you are asking is a reason about why Send As can be granted to an object without mailbox while Send On Behalf can not be. Please correct me if I understood it incorrect.Send As permissions are extendedAD permissions and are processed by Transport components by directly quering the AD while, Send On Behalf of is a kind of delegate rule that also needs to store some data in the form ofa rulein mailbox of the delegate as well as the delegated user and the other portion is stored in publicDelegates and publicDelegateBL attribute on both user accounts. Same applies to public folders as well. What you can try is suggested by Mike.Milind Naphade | MCTS:M | http://www.msexchangegeek.com
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2009 4:43pm