Re: Send-As permission issue



Hi Robbin,

I checked the suggestions below but the boxes are checked for inheritance.
It's odd that I did not receive your reply in the newsgroup but found it on
the Internet when searching about my issue. The problem is still occurring
so we are moving users that are having these issues to Exchange 2007 since
it works consistently there. One more idea I had: could this be because of
our A/D topology? We have an empty root domain and a child domain. When I
installed 2003 Exchange it only installed in the child domain. No RUS was
installed in the empty root. When installing Exchange 2007, it didn't really
give me a choice. It forced itself into the empty root domain. I wouldn't
think that this would matter since the GC contains all objects in the
forest.

Has anyone else seen this issue? Again, the send-as rights never disappear
from ADUC but when a user is using Outlook and is on Exchange 2003 they
sometimes get the pop-up that says they do not have rights to send as that
user. But at the exact same time, a user who has the same send-as rights but
is on Exchange 2007 can send-as just fine. Then a few hours later, the
send-as permission starts to work again for the user on Exchange 2003. I'm
totally baffled. Exchange 2003 should be checking A/D for the send-as
permission which is clearly applied but since the introduction of Exchange
2007 this issue has surfaced...

Here is your response I found on the Internet:

"Robbin Meng [MSFT]" 5/12/2008 8:18 PM PST



Hello,

Thank you for your response and clarification.

Regarding the current situation, I suggest we check the following settings
and use ExchDump tool to check the related permission configurations.
Depending on the parameters that you specify in the command-line when you
run the ExchDump tool to list the users who have specific rights. For
related information, please refer to:

1. Verify that the "Allow inheritable permissions from the parent to
propagate to this object and all child objects. Include these with entries
explicitly defined here." checkbox has not been unchecked on the mailbox
store(s) or Exchange server.

This should never be unchecked. Use one of the following methods to verify:

a. Run either an ExBBPA health check or Permissions report

b. Run ExchDump tool to dump the permissions on the mailbox store:

Overview of the ExchDump tool for Exchange 2000 Server and for Exchange
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;839116

If permissions inheritance has been disabled, it will be listed under the
"Objects Flagged for Further Investigation" section of the dump.

c. Use either the Exchange System Manager and/or ADSIEdit to verify by
starting at the mailbox store and working up the Exchange tree.

More information at:

Delegated permissions are not available and inheritance is automatically
disabled
http://support.microsoft.com/kb/817433/en-us

The "Send As" right is removed from a user object after you configure the
"Send As" right in the Active Directory Users and Computers snap-in in
Exchange Server
http://support.microsoft.com/kb/907434/en-us

"Send As" permission behavior change in Exchange 2003
http://support.microsoft.com/kb/895949/en-us

Hope this helps.

Thank you for your time and cooperation!


Best regards,

Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.





"Robbin Meng [MSFT]" <v-robmen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:kDUm8X%23rIHA.772@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello,

Thank you for your post.

My name is Robbin Meng, and it is my pleasure to work with you on this
issue!

Please allow me to confirm that my understandings are correct. As I
understand it, the issue is:

After you installed an Exchange 2007 server into the Exchange 2003
organization, some users on Exchange 2003 lost the send-as
ability for certain specific mailbox, although none of the users'
permissions have been changed.

If I have misunderstood your concerns please feel free to let me know.

Before we go further, I would like to clarify what operation you have done
when you refer to "transition"? Would you like to migrate from one forest
to another including all AD information? Or just installed an Exchange 2007
server to replace the previous Exchange 2003 server?

Since the "Send AS" permission is configured in AD and stored in AD
database and doesn't matter where user's mailbox is located. If you didn't
migrate AD information, the user's "Send AS" permission should not be
modified regardless where its mailbox is stored.

According to the symptoms, this issue is a little bit strange as it
constantly occurs. I suggest we do a test:

1. Select userA which has mailbox stored on Exchange server 2003;
2. Open ADUC and modify its "Send AS" permission, e.g. add "Send AS"
permission to userB;
3. In ADUC, select userA and run "Exchange Task" to move its mailbox to the
Exchange server 2007 mailbox store;
4. Confirm the transition is successful and userA can logon the mailbox;
5. Open ADUC and select userA and check whether its "Send AS" permission is
lost.

I hope these steps will give you some help. Also, if you have any questions
or concerns, please do not hesitate to let me know.

Thank you for your time and cooperation!


Best regards,

Robbin Meng(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no
rights.
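
The two things the replies above say to verify, whether inheritance has been disabled on an object and who holds "Send As" in its AD security descriptor, can both be read from the descriptor's SDDL string. The following is an added example, not part of the original posts or of any Microsoft tool; the function name `Get-SendAsSummary`, the SDDL string and the SID in it are constructed for illustration.

```powershell
# Added example: constructed data, hypothetical function name.
# On a live object the SDDL can be read with (DN is a placeholder):
#   ([ADSI]'LDAP://<distinguishedName>').psbase.ObjectSecurity.GetSecurityDescriptorSddlForm('Access')
$SendAsGuid    = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'   # Send-As extended right
$ControlAccess = 0x100                                          # ADS_RIGHT_DS_CONTROL_ACCESS

function Get-SendAsSummary {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    $sd          = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $protected   = [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected
    $typePresent = [System.Security.AccessControl.ObjectAceFlags]::ObjectAceTypePresent

    $aces = foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow/deny ACEs carrying the control-access (extended right) bit matter here.
        if ($ace -isnot [System.Security.AccessControl.QualifiedAce]) { continue }
        if (-not ($ace.AccessMask -band $ControlAccess)) { continue }

        # An ACE with no object type covers every extended right, Send-As included.
        $scope = 'AllExtendedRights'
        if ($ace -is [System.Security.AccessControl.ObjectAce] -and
            ($ace.ObjectAceFlags -band $typePresent)) {
            if ($ace.ObjectAceType -ne $SendAsGuid) { continue }
            $scope = 'SendAs'
        }
        [pscustomobject]@{
            Trustee   = $ace.SecurityIdentifier.Value
            Type      = $ace.AceQualifier      # AccessAllowed or AccessDenied
            Scope     = $scope
            Inherited = $ace.IsInherited       # False means set directly on this object
        }
    }
    [pscustomobject]@{
        InheritanceBlocked = [bool]($sd.ControlFlags -band $protected)
        SendAsAces         = @($aces)
    }
}

# Constructed sample: protected DACL (D:P), one explicit Send-As grant to a made-up SID,
# and an unrelated read-control ACE that the function ignores.
$sample = 'O:BAG:BAD:P' +
    '(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
    '(A;;RC;;;AU)'

$result = Get-SendAsSummary -Sddl $sample
$result.InheritanceBlocked
$result.SendAsAces | Format-Table -AutoSize
```

Running the function against the mailbox store and each parent container in turn corresponds to method (c) in the quoted reply; `InheritanceBlocked` being true on any of them is the condition the reply says should never occur.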


