Send As-Permission
I have a mixed MX2003/MX2007 environement, the MX2003 is WIndows2003Server, the MX2007 runs on Windows 2008 Server. I have migrated all mailboxes for now and I'm currently tuning the behaviour of the system a bit. Final goal is to deinstall completly the 2003, because the hardware is obsolete.
Now my issue: I have some mailboxes with a special set of "Send as" Permissions configured. I want to duplicate those settings to another mailbox. If I check on the Exchange2003-in the ActiveDirectory I can see those permission. On the Exchange2007 EMC those Permission are not shown on the Mailbox. I can add additional "Send as"-Permission in the EMC, but I cannot see if and which were applied....only by checking in the AD i can see these permissions.
I'm Iconfusing some different set of "Send As"-Permission?
Is the feature incompletly implemented in EMC?
What will happen if I deinstall the MX2003? Wherecan I check the "Send As"-Permission afterwards?
Is this only possible by using a PowerShell-Script?
Maintenance of "Send As"-Permission is a job for our Helpdesk...what is best practices for maintaining these permissionsin the future?
thx
Gerhard
July 31st, 2008 5:42pm
It's in the TechCenter Library
Exchange 2007
How to Grant the Send As Permission for a Mailbox
http://technet.microsoft.com/en-us/library/aa998291(EXCHG.80).aspx
Free Windows Admin Tool Kit Click here and download it now
July 31st, 2008 11:58pm
Hi Scott,
thanks for an initial pointer, but this only helps a small step:
I used the Command:
Add-ADPermission -Identity "Frank Hoch" -User gur -AccessRights extendedright -ExtendedRights "send as"
This should have given the User "gur" the "send As Permission" on the account of "Frank Hoch"
The result string seems to indicate this, even if the Identity is truncated:
Identity User Deny Inherited Rights-------- ---- ---- --------- ------Domain.loc... Domain\gur False False Send-As
BUT: a quick check in the AD doesnt show this permission to be set. The command seems not to be working.
I tried to make a query with get-adpermission, but I didn't find a way to get this working. The Technet-Article on this command is even more useless than the one on add-adpermission....
So I looked around and found inside the EMC on the Tab that says "Nachrichtenbermittlungsoptionen" -> "message transfer Options" (or something, the installation is german, and I have no clue how this translates in the original) I found an option that reveals the "send as": and this seems to be working: it shows the existing permissions, a new one can be added and existing ones could be deleted.
So in the EMC you have two positions where the "send as"-permission can be set, one is working the other one isn't.
So, my question remains: are there different "send as"-Permissions existing?
And how do I get these two commands(Add-ADPermission and Get-ADPermission) to be working? Is there anywhere some useful documentation?
August 1st, 2008 10:52am
Hi,
To make Get-ADpermission function, please run it based on the following format:
Get-Adpermission identity Frank Hoch user gur |fl
Through this, you can view what the permission of the Frank Hoch account has been granted on the account of gur. If you run get-adpermission identity Frank Hoch |fl, you could view the accounts who own the permission on the Frank Hoch account.
To grant the permission of send as, what you did on the command is right.
The methods on the granting the Send as permission have the same outcome. One is via EMC, the other is via the command in EMS. No matter what methods you try, we can get the same result by looking up the security tab in AD or clicking Manage send as permission in Recipient ConfigurationMailbox.
Thanks
Allen
Free Windows Admin Tool Kit Click here and download it now
August 4th, 2008 6:50am