Windows Server 2003 with Exchange 2007, Send As permission is auto removed.
Hi,
1st post so not to sure what to put in, but here goes
From within the EMC I right click on the mail box, select Manage Send As Permission, add in the user / user's.
Then after an hour this is then removed.
Standard mail box and user.
Microsoft Windows Server 2003 R2
Standard x64 Edition
Service Pack 2
Exchange Server 2007
Microsoft Corporation
Version: 08.01.0340.000
Active Directory Users and Computers
Microsoft Corporation
Version: 6.1.7601.17514
March 13th, 2012 10:47am
Hello,
please check if the user is in one of the protected groups:
http://policelli.com/blog/archive/2009/11/06/understanding-adminsdholder-and-protected-groups/
The problem is probably the use of AdminSDHolder.
Greetings,
Toni
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2012 6:41am
Hi,
You can refer to the link
http://support.microsoft.com/?kbid=907434 and find the casues and resolutions:
'The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the
security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object.
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.'
Resolutions:
'We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory
accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.'
Hope it helps.
Thanks
Sophia Xu
TechNet Community Support
March 15th, 2012 3:36am
Hi,
You can refer to the link
http://support.microsoft.com/?kbid=907434 and find the casues and resolutions:
'The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the
security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object.
The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.'
Resolutions:
'We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory
accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.'
Hope it helps.
Thanks
Sophia Xu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
March 15th, 2012 10:36am