Hi, 1st post so not to sure what to put in, but here goes From within the EMC I right click on the mail box, select Manage Send As Permission, add in the user / user's. Then after an hour this is then removed. Standard mail box and user. Microsoft Windows Server 2003 R2 Standard x64 Edition Service Pack 2 Exchange Server 2007 Microsoft Corporation Version: 08.01.0340.000 Active Directory Users and Computers Microsoft Corporation Version: 6.1.7601.17514

Hello, please check if the user is in one of the protected groups: http://policelli.com/blog/archive/2009/11/06/understanding-adminsdholder-and-protected-groups/ The problem is probably the use of AdminSDHolder. Greetings, Toni

Hi, You can refer to the link http://support.microsoft.com/?kbid=907434 and find the casues and resolutions: 'The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object. The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.' Resolutions: 'We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.' Hope it helps. Thanks Sophia Xu TechNet Community Support

Hi, You can refer to the link http://support.microsoft.com/?kbid=907434 and find the casues and resolutions: 'The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object. The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.' Resolutions: 'We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.' Hope it helps. Thanks Sophia Xu TechNet Community Support