Ok so here it is, and since this seems like a really trivial question, I am hoping someone else has come across the same thing. The goal: Create a mailbox to be shared by multiple users, for which one user is an owner (read: responsible for the mailbox, read: is the one who gets fired when someone uses the account to call the boss an idiot) and many people can have differing permission sets on the shared account (some delegates, some folder level access, etc...) This sounds relatively trival. Once the mailbox is created we want to HAND OFF administration of Send-As/Send on Behalf/Full Mailbox/Delegates,etc... to the owner user (read: Don't call the Admin, do it yourself). So I have made a shared mailbox. SHAREDMAILBOX (Using EMS) I have granted Full Mailbox permissions to me. USER1 (Using EMS) So USER1 opens SHAREDMAILBOX as an additional mailbox because they want to add additional users to folder level permissions, no problems. However, USER1 cannot grant ANYONE delegate permissions on SHAREDMAILBOX, and it fails with the error: "The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object. " A quick google finds http://support.microsoft.com/kb/950794 but it doesn't really fix the problem (as it doesn't really apply to the situation), it just ignores the error and doesn't grant the Send on Behalf of permission. So as a test, I gave USER1 "Full Control" permissions in ADUC (because I got lazy and wanted to see it work), and it STILL DIDN'T LET IT WORK. So my question is, what permission would I need to grant USER1 so that they CAN add delegates to mailboxes for which they have Full Mailbox Access. Has anyone else seen this "problem" or is this even possible? Is there a better way to accomplish the same thing? Many thanks, -M

You can give him a script: http://gsexdev.blogspot.com/2009/04/add-delegates-to-mailbox-with.html[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

That doesn't exactly seem like a simple permission solution to me. Also all that does is add the delegate using EWS, but if the user doesn't have permissions to Grant Send On Behalf (which is the problem), it is still going to fail. All I really want is to know what permission I can grant USER1 so that they can set "Send On Behalf Of" for SHAREDMAILBOX. This way when I run the script to generate SHAREDMAILBOX, it grants the specified user (USER1) Full Maibox Access and whatever permission is required to correctly add delegates. If set a password and enable the SHAREDMAILBOX user (which is disabled by default), I can log in as SHAREDMAILBOX and grant the delegate, but we want to avoid having an active user account for SHAREDMAILBOX that USER1 would need the password to. See what I mean? -M

As far as I know you can only assign delegates from Outlook by opening the mailbox with an Outlook profile for that mailbox. You cannot create delegates in another user's mailbox.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Hi Matty, Any update for your issue? Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.