Good morning. I am running Exchange 2010 SP1 w/Rollup 1. I am having an issue where I cannot assign "Send As" permissions to users. I can provide "Full Access" to users, but not "Send As". While my account and our Admin account are both members of Domain Admins as well as Organization Management, DSACLS has been run to change the AdminSDHolder. Here is the error I am receiving. Any help would be appreciated. Domain\NewSendAsUser Failed Error: Active Directory operation failed on roc34.nixonpeabody.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 The user has insufficient access rights. Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.140).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B Exchange Management Shell command attempted: Add-ADPermission -Identity 'CN=Lastname, Firstname,OU=Personnel - Unrestricted Access,OU=Firm Users,DC=Domain,DC=com' -User 'FIRM\NewSendAsUser' -ExtendedRights 'Send-as' Kevin Klingerman MCITP: Enterprise Messaging Administrator 2010 (Charter)

Do the accounts you are trying to apply permissions to have inheritance enabled? ( as well as your own?)

Can you change the SendAs permission from ADSIEdit? If so, then I don't think the problem is with your account. From what I've been told, it seems that under Exchange 2010, implicit remoting and RBAC means you don't make those changes directly. The Exchange server your session is connected to makes the changes under it's own authority (Exchange Trusted Subsystem) on your behalf, provided you hold the role permission in RBAC that allow it. From the sound of it, it's that account that doesn't have permission to change the Send As right. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Can you change the SendAs permission from ADSIEdit? If so, then I don't think the problem is with your account. From what I've been told, it seems that under Exchange 2010, implicit remoting and RBAC means you don't make those changes directly. The Exchange server your session is connected to makes the changes under it's own authority (Exchange Trusted Subsystem) on your behalf, provided you hold the role permission in RBAC that allow it. From the sound of it, it's that account that doesn't have permission to change the Send As right. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " Ive only seen that problem with public folders myself. You can of course also use ADUC to set the SEND AS for user accounts.

Ive only seen that problem with public folders myself. You can of course also use ADUC to set the SEND AS for user accounts. I haven't actually seen the problem. Right now it's just a theory, based on what I know about how it works and the symptoms. I'd suggest a way to test that theory would be to manually load the snapin into a PS session and see if that works, but I get fussed at if I suggest doing that.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Do the accounts you are trying to apply permissions to have inheritance enabled? ( as well as your own?) That's the ticket. User had Inheritance turned off. Ugh! Why do I have to give others access to ADUC? Thanks you so much for saving my pre-Thanksgiving early dismissal.Kevin Klingerman MCITP: Enterprise Messaging Administrator 2010 (Charter) MCSE+Messaging 2000/2003

Ive only seen that problem with public folders myself. You can of course also use ADUC to set the SEND AS for user accounts. I haven't actually seen the problem. Right now it's just a theory, based on what I know about how it works and the symptoms. I'd suggest a way to test that theory would be to manually load the snapin into a PS session and see if that works, but I get fussed at if I suggest doing that. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " No fussin from me! :)