We just added a new domain to our e-mail servers, call it def.com. Only one user in the organization needs an e-mail address for that domain. The user already has an existing e-mail address of ss@abc.com, so we added an alias of ss@def.com. The user will intermittently need to use ss@def.com in the From field, but her primary address needs to remain ss@abc.com. When she attempts to send a message from the ss@def.com address to an internal or external mail domain she gets this NDR: The following recipient(s) could not be reached: test@domain.com on 5/11/2011 10:58 AM You do not have permission to send to this recipient. For assistance, contact your system administrator. MSEXCH:MSExchangeIS:/DC=com/DC=domain:ExchangeServerName Exchange is generating the error internally and it's not even getting to the next mail hop. What options are available to allow her to send from both addresses? Thanks! Jim

Based on your description, I understand that the user added a secondary SMTP address ss@def.com and the user would like to send message via both the first SMTP address and second SMTP address. If I am misunderstood, please let me know. Based on my research, Exchange does not have specific feature to select second SMTP address as the sender. If you would like to keep each SMTP address, you have to create a new user account in ADUC and assign the second SMTP address to him. The, you can configure the two mailboxes in Outlook and select which one you would like to use as the sender. Alternatively, you can also refer to the following thread: http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/f0b6e264-4a8c-414d-b11b-f0c06a00c0c6 Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi JimCass, just curios? I would just like to know 1. what release / version of Exchange do you have on your environment? 2. was the Exchange server and DNS installed over the Domain Controller machine? 3. what domain you have used from your environment? 4. or can you ran dcdiag please? post the full results in here, let see what all can we do? thanks. -onin. MCITP:SA, MCITP:EMA, MCITP:EA, MCTS, CCENT, CCNA, LPIC-1, LPIC-2 | website: http://ninuruy.wordpress.com

Hi JimCass, Or if you are in hurry to find the answer, you may try to. 1. make your alias set to ss@def.com email instead of ss@abc.com. 2. from your outlook where you send an email don't use from field now because the ss@def.com is already your default email reflected from your recipeint side once the email arrived to them. thanks -onin.MCITP:SA, MCITP:EMA, MCITP:EA, MCTS, CCENT, CCNA, LPIC-1, LPIC-2 | website: http://ninuruy.wordpress.com

How is thing going on? If there is any problem, please feel free to post it here to discuss. Regards, Novak Wu in forumTechNet Subscriber Support If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi JimCass, just curios? I would just like to know 1. what release / version of Exchange do you have on your environment? 2. was the Exchange server and DNS installed over the Domain Controller machine? 3. what domain you have used from your environment? 4. or can you ran dcdiag please? post the full results in here, let see what all can we do? thanks. -onin. MCITP:SA, MCITP:EMA, MCITP:EA, MCTS, CCENT, CCNA, LPIC-1, LPIC-2 | website: http://ninuruy.wordpress.com

Hi JimCass, Or if you are in hurry to find the answer, you may try to. 1. make your alias set to ss@def.com email instead of ss@abc.com. 2. from your outlook where you send an email don't use from field now because the ss@def.com is already your default email reflected from your recipeint side once the email arrived to them. thanks -onin.MCITP:SA, MCITP:EMA, MCITP:EA, MCTS, CCENT, CCNA, LPIC-1, LPIC-2 | website: http://ninuruy.wordpress.com

There are now a couple more users who will have the same setup. I'm not crazy about creating secondary accounts but it seems like the easiest solution short of hosting the mailboxes elsewhere (they'd need to remember to check it or keep the window open) or creating funky groups as mentioned in another link. Wire0: Just swapping the addresses isn't beneficial at this time. Your answers, though: 1. Exchange 2003 SP2, with 2010 SP1 schema updates installed for an upcoming transition 2. Exchange servers do not have the DC/DNS roles installed. 3. I don't understand the question. 4. I don't see the value of this request.

Based on my research, all versions of Exchange cannot select second SMTP address as the sender. As I mentioned above, you have two choices to resolve the problem. 1. Create another user account and assign the SMTP address to him. 2. Use the third party software as the link above. Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi JimCass, ok, here's the deal. Since you were running Exchange 2003 Server at this moment, then you will have to... 1) make a recipient policy for the newly created or added domain on your organization. Remember to use your def.com as your default SMTP, your organization will recognized and/or learned that this domain is legitimate so you be able to get permitted to send. Check this link for your format guide, http://support.microsoft.com/kb/822447 2) set a value to the specific user's properties under ADUC, I would recommend to set DEF (as it is your newly added domain from your organization) value to the Organization field of the properties of user under ADUC. NOTE: this one must be your ID for the Policy you have just created from #1. (this must be coincide) So, within this scenario, only user the bearing the "DEF" value from the Organization properties would be affected, so, I'm pretty sure this would work from your end... -onin.MICROSOFT CERTIFIED: [MCITP: SA], [MCITP: EMA], [MCITP: EA], [MCTS], [MCP] CISCO CERTIFIED: [CCENT], [CCNA], LINUX CERTIFIED: [LPIC-1], [LPIC-2] Blog Website: http://ninuruy.wordpress.com

Hi JimCass, ok, here's the deal. Since you were running Exchange 2003 Server at this moment, then you will have to... 1) make a recipient policy for the newly created or added domain on your organization. Remember to use your def.com as your default SMTP, so, your organization will recognize and/or learn that this domain is legitimate so you would be able to get permitted to send. We need to register this domain for this sake to the recipient policy. Check this link for your guide and walk-through, http://support.microsoft.com/kb/822447 2) set a value to the specific user's properties under ADUC, I would recommend to set DEF (as it is your newly added domain from your organization) value to the Organization field of the properties of user under ADUC. NOTE: this one must be your ID for the Policy you have just created from #1. (this must be coincide) So, within this scenario, only user that bearing the "DEF" value from the Organization properties would be affected, so, I'm pretty sure this would work from your end... -onin. MICROSOFT CERTIFIED | [MCITP: SA], [MCITP: EMA], [MCITP: EA], [MCTS], [MCP] CISCO CERTIFIED | [CCENT], [CCNA] LINUX CERTIFIED: [LPIC-1], [LPIC-2] Blog Website: http://ninuruy.wordpress.com

Hi JimCass, ok, here's the deal. Since you were running Exchange 2003 Server at this moment, then you will have to... 1) make a recipient policy for the newly created or added domain on your organization. Remember to use your def.com as your default SMTP, so, your organization will recognize and/or learn that this domain is legitimate so you would be able to get permitted to send. We need to register this domain for this sake to the recipient policy. Check this link for your guide and walk-through, http://support.microsoft.com/kb/822447 2) set a value to the specific user's properties under ADUC, I would recommend to set DEF (as it is your newly added domain from your organization) value to the Organization field of the properties of user under ADUC. NOTE: this one must be your ID for the Policy you have just created from #1. (this must be coincide) So, within this scenario, only user that bearing the "DEF" value from the Organization properties would be affected, so, I'm pretty sure this would work from your end... -onin. MICROSOFT CERTIFIED | [MCITP: SA], [MCITP: EMA], [MCITP: EA], [MCTS], [MCP] CISCO CERTIFIED | [CCENT], [CCNA] LINUX CERTIFIED: [LPIC-1], [LPIC-2] Blog Website: http://ninuruy.wordpress.com

1) Are you saying that the new domain needs to be primary? Because the bulk of the e-mail they respond to will be ABC.com. If DEF.com is the default, then they would need to fill in the from field almost all the time if they wanted to use ABC.com, right? That would not be productive. 2. It can be any attribute on the account object, or I could make a distribution list with the members in it, and make that a filter for the policy, right?

I am not sure what the above poster is on about. The bottom line is that you cannot select the email address to send email "from". As far as Exchange is concerned, all users only have one email address - the default. All other email addresses are just aliases for INBOUND only. If you want to send as an alternative address you have three options. 1. An additional account. This additional account will have Send As permissions granted to the primary account. You can then either leave this account as a separate mailbox or forward it to the primary mailbox. The from field controls which account you send as. Outlook 2010 gives you a drop down list for the accounts, older versions have to populate the From field as additional accounts. 2. A third party tool - Choose From from ivasoft.biz 3. A kludge involving dummy POP3 accounts. Basically the same as above. I have outlined the above options in more detail here: http://exchange.sembee.info/2003/mailbox/twodomainsoneuser.asp Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

1) Are you saying that the new domain needs to be primary? Because the bulk of the e-mail they respond to will be ABC.com. If DEF.com is the default, then they would need to fill in the from field almost all the time if they wanted to use ABC.com, right? That would not be productive. 2. It can be any attribute on the account object, or I could make a distribution list with the members in it, and make that a filter for the policy, right? 1) There was a situation that send as permission is enabled already to the permitted user but still they got this " You do not have permission to send to this recipient". I've experienced this issue before. When I have created the recipient policy of the newly created domain on the Organization. Everything was working fine. I was able to send and receive their email. Now, from this scenario, let me explain further, what's the purpose of the recipient policy feature of Exchange Server 2003? The purpose of the policy is to use the rule or rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules. If you use recipient policies, it is easy to apply or alter the rules; you do not need to reconfigure settings individually on each object. You can also change recipient policy priority levels to change the way in which multiple policies are adjusted. The default recipient policy acts on all objects in the Exchange Server organization. Do not delete the default policy; however, you can create other recipient policies to override this setting because the priority level of the default policy is set to lowest. It must be always remembered that priorities could trigger how policy being affected to the object. Now let me parse this with one of your problem, since you want to, "The user will intermittently need to use ss@def.com in the From field, but her primary address needs to remain ss@abc.com." without touching the "FROM" field when composing. we say it is productive when it comes to this situation right now, because, it would isolate the "which object?", "how object?", and "when object?" of this type would be affected. 2) yes, as long as you've specified which attribute you want to refer from. 3) I almost forgot to mentioned that, test@domain.com is located on what network? local or internet, because, I've suspected that if you were trying to send the email to the internet using test@domain.com as your recipient, absolutely you will be getting ndr of course coming from them. For testing purposes, I would recommend from disconnecting the Internet connection until such the time that all your local messaging communication is working, because, when the time your Exchange Server has internet connection it will communicate to the internet so all mails will be sent to the internet, this is one issue could possibly be overridden. I think this would be the cause of the ndr you've got as "You do not have permission to send to this recipient". 4) I believe you are working from your lab, right? MICROSOFT CERTIFIED | [MCITP:SA] [MCITP:EMA] [MCITP:EA] [MCTS] [MCP] ............ CISCO CERTIFIED | [CCENT] [CCNA] ...................................................................... LINUX CERTIFIED | [LPIC-1] [LPIC-2] ......................................................................... Blog Website | http://ninuruy.wordpress.com .............................................................

1) Are you saying that the new domain needs to be primary? Because the bulk of the e-mail they respond to will be ABC.com. If DEF.com is the default, then they would need to fill in the from field almost all the time if they wanted to use ABC.com, right? That would not be productive. 2. It can be any attribute on the account object, or I could make a distribution list with the members in it, and make that a filter for the policy, right? 1) There was a situation that when send as permission is enabled already to the permitted user but still they got this " You do not have permission to send to this recipient". I've experienced also this issue before. When I have created the recipient policy of the newly created domain on the Organization. Everything was working fine. I was able to send and receive their email. Now, from this scenario, let me explain further, what's the purpose of the recipient policy feature of Exchange Server 2003? The purpose of the policy is to use the rule or rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules. If you use recipient policies, it is easy to apply or alter the rules; you do not need to reconfigure settings individually on each object. You can also change recipient policy priority levels to change the way in which multiple policies are adjusted. The default recipient policy acts on all objects in the Exchange Server organization. Do not delete the default policy; however, you can create other recipient policies to override this setting because the priority level of the default policy is set to lowest. It must be always remembered that priorities could trigger how policy being affected to the object. Now let me parse this with one of your problem, since you want to, "The user will intermittently need to use ss@def.com in the From field, but her primary address needs to remain ss@abc.com." without touching the "FROM" field when composing. we say it is productive when it comes to this situation right now, because, it would isolate the "which object?", "how object?", and "when object?" of this type would be affected. 2) yes, as long as you've specified which attribute you want to refer from. 3) I almost forgot to mentioned that, test@domain.com is located on what network? local or internet, because, I've suspected that if you were trying to send the email to the internet using test@domain.com as your recipient, absolutely you will be getting ndr of course coming from them. For testing purposes, I would recommend from disconnecting the Internet connection until such the time that all your local messaging communication is working, because, when the time your Exchange Server has internet connection it will communicate to the internet so all mails will be sent to the internet, this is one issue could possibly be overridden. I think this would be the cause of the ndr you've got as "You do not have permission to send to this recipient". 4) I believe you are working from your lab, right? MICROSOFT CERTIFIED | [MCITP:SA] [MCITP:EMA] [MCITP:EA] [MCTS] [MCP] ............ CISCO CERTIFIED | [CCENT] [CCNA] ...................................................................... LINUX CERTIFIED | [LPIC-1] [LPIC-2] ......................................................................... Blog Website | http://ninuruy.wordpress.com .............................................................

1) Are you saying that the new domain needs to be primary? Because the bulk of the e-mail they respond to will be ABC.com. If DEF.com is the default, then they would need to fill in the from field almost all the time if they wanted to use ABC.com, right? That would not be productive. 2. It can be any attribute on the account object, or I could make a distribution list with the members in it, and make that a filter for the policy, right? 1) There was a situation that send as permission is enabled already to the permitted user but still they got this " You do not have permission to send to this recipient". I've experienced this issue before. When I have created the recipient policy of the newly created domain on the Organization. Everything was working fine. I was able to send and receive their email. Now, from this scenario, let me explain further, what's the purpose of the recipient policy feature of Exchange Server 2003? The purpose of the policy is to use the rule or rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules. If you use recipient policies, it is easy to apply or alter the rules; you do not need to reconfigure settings individually on each object. You can also change recipient policy priority levels to change the way in which multiple policies are adjusted. The default recipient policy acts on all objects in the Exchange Server organization. Do not delete the default policy; however, you can create other recipient policies to override this setting because the priority level of the default policy is set to lowest. It must be always remembered that priorities could trigger how policy being affected to the object. Now let me parse this with one of your problem, since you want to, "The user will intermittently need to use ss@def.com in the From field, but her primary address needs to remain ss@abc.com." without touching the "FROM" field when composing. this is productive when it comes to this situation, because, it would isolate the "which object?", "how object?", and "when object?" type of being affected according to the priority raised. 2) yes, as long as you've specified which attribute you want to refer from. 3) I almost forgot to mentioned that, test@domain.com is located on what network? local or internet, because, I've suspected that if you were trying to send the email to the internet using test@domain.com as your recipient, absolutely you will be getting ndr of course coming from them. For testing purposes, I would recommend from disconnecting the Internet connection until such the time that all your local messaging communication is working, because, when the time your Exchange Server has internet connection it will communicate to the internet so all mails will be sent to the internet, this is one issue could possibly be overridden. I think this would be the cause of the ndr you've got as "You do not have permission to send to this recipient". 4) I believe you are working from your lab, right? MICROSOFT CERTIFIED | [MCITP:SA] [MCITP:EMA] [MCITP:EA] [MCTS] [MCP] ............ CISCO CERTIFIED | [CCENT] [CCNA] ...................................................................... LINUX CERTIFIED | [LPIC-1] [LPIC-2] ......................................................................... Blog Website | http://ninuruy.wordpress.com .............................................................

1) Are you saying that the new domain needs to be primary? Because the bulk of the e-mail they respond to will be ABC.com. If DEF.com is the default, then they would need to fill in the from field almost all the time if they wanted to use ABC.com, right? That would not be productive. 2. It can be any attribute on the account object, or I could make a distribution list with the members in it, and make that a filter for the policy, right? 1) There was a situation that when send as permission is enabled already to the permitted user but still they got this " You do not have permission to send to this recipient". I've experienced also this issue before. When I have created the recipient policy of the newly created domain on the Organization. Everything was working fine. I was able to send and receive their email. Now, from this scenario, let me explain further, what's the purpose of the recipient policy feature of Exchange Server 2003? The purpose of the policy is to use the rule or rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules. If you use recipient policies, it is easy to apply or alter the rules; you do not need to reconfigure settings individually on each object. You can also change recipient policy priority levels to change the way in which multiple policies are adjusted. The default recipient policy acts on all objects in the Exchange Server organization. Do not delete the default policy; however, you can create other recipient policies to override this setting because the priority level of the default policy is set to lowest. It must be always remembered that priorities could trigger how policy being affected to the object. Now let me parse this with one of your problem, since you want to, "The user will intermittently need to use ss@def.com in the From field, but her primary address needs to remain ss@abc.com." without touching the "FROM" field when composing. we say it is productive when it comes to this situation right now, because, it would isolate the "which object?", "how object?", and "when object?" of this type would be affected. 2) yes, as long as you've specified which attribute you want to refer from. 3) I almost forgot to mentioned that, test@domain.com is located on what network? local or internet, because, I've suspected that if you were trying to send the email to the internet using test@domain.com as your recipient, absolutely you will be getting ndr of course coming from them. For testing purposes, I would recommend from disconnecting the Internet connection until such the time that all your local messaging communication is working, because, when the time your Exchange Server has internet connection it will communicate to the internet so all mails will be sent to the internet, this is one issue could possibly be overridden. I think this would be the cause of the ndr you've got as "You do not have permission to send to this recipient". 4) I believe you are working from your lab, right? MICROSOFT CERTIFIED | [MCITP:SA] [MCITP:EMA] [MCITP:EA] [MCTS] [MCP] ............ CISCO CERTIFIED | [CCENT] [CCNA] ...................................................................... LINUX CERTIFIED | [LPIC-1] [LPIC-2] ......................................................................... Blog Website | http://ninuruy.wordpress.com .............................................................