Grant Send on Behalf Permissions

Hi,
Some one in organization modified Grant Send on behalf permission.
We have an application that monitors the changes and that application showed that one the userid's Grant Send on behalf permission got modified and some people got added to that list.
and after some time that list was cleared again(this shown by the application we developed) We are using powershell cmnds to monitor these changes.
But when we checked auditlogs we didn't find any admin audit log entry.
How it is possible, is it easy to clear the logs, where I can find these logs?
Regards,
Abhagwat

I don't know the nature of your auditing software, but you can modify the send-as permission directly in ADUC, etc, so its very possible the audit logs wouldn't record such modifications.
Mike Crowley | MVP
My Blog --
Planet Technologies

Similar Messages

  • Semi-Automated granting send on behalf rights - Exchange 2013/Exchange Shell

    Hi all,
    We have just upgraded to Exchange 2013 and currently cant set mailbox permissions via the Exchange Admin Center, we currently have to do it via Exchange Shell.
    Thats all fine but i would like to automate it so my team can run a script and get prompted to enter the target mailbox and the user's id.
    Im new to ExchangeShell/PowerShell so be gentle with your feedback, but this is what I have come up with:
    $RemoteEx2013Session = New-PSSession -ConfigurationName Microsoft.Exchange ` -ConnectionUri  ` -Authentication #-Credential (Get-credential)
    Import-PSSession $RemoteEx2013Session -AllowClobber
    $mailboxname = Read-Host "Please enter name of mailbox"
    $UserID = Read-Host "Please enter name of user"
    $output = set-mailbox $mailboxname -GrantSendOnBehalfTo $UserID
    When I run it I get "Insufficient access rights to perform the operation", I get what that means but if I manually type the command it works i.e    set-mailbox john.smith -GrantSendOnBehalfTo Jane.Smith
    Questions are: Is this possible to semi-automate this via powershell, and am i totally of track with the above commands?
    Thanks in advanced 

    Hi,
    According to the error message, it seems there is no proper permission to run this script.
    Please make sure you have proper permission, I suggest run this script as Administrator for testing if you are using an additional account now.
    Also suggest creating a test user and grant proper permissions for testing.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Send As, Send on Behalf and Full Access for Exchange server 2010/2013

    [This FAQ contains 2 parts]
    Testing and watching the behavior of Send As, Send On Behalf and Full Access permission.
    Common issue and Troubleshooting on the three permission.
    [Testing and Watching]
    Based on following blog, I decide to test on my lab:
    Full Mailbox Access Rights + Send On Behalf = Send As ?
    http://blogs.technet.com/b/ehlro/archive/2012/04/06/full-mailbox-access-rights-send-on-behalf-send-as.aspx
    Description on my lab and test:
    Exchange 2010 + Outlook 2010
    Exchange 2013 + Outlook 2013
    Senders: A01, A02, … , A07, A08
    Recipient: A09
    A01 grand permission to other senders.
    Two methods:
    a. Use A0x’s credential configure A01’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    b. Use A0x’s credential configure A0x’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    Result as following forms:
    1. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A01’s mailbox, then send From both A01 and A0x
    To A09.
    2. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A0x’s mailbox, then send From both A01 and A0x
    To A09.
    [Common Issue]
    1. [Issue]
    Exchange 2010 + Outlook 2010. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
    Details as following pic:
    [Troubleshooting]
    1) Based on the NDR, it seems a permission issue. Check Send As permission, however the Send As permission configured correctly. Pic as below:
    2) ince the Send As permission configured correctly, it seems the permission hasn’t been replicated. Try to restart Microsoft Exchange Information Store service. It works.
    Note: The Send As permission isn’t granted until after replication has occurred. Replication times depend on your Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information
    Store service.
    2. [Issue]
    Exchange 2013 + Outlook 2013. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    Your message did not reach some or all of the intended recipients.
    Subject: xxx
    Sent: xx/xx/2014 8:20 AM
    The following recipient(s) cannot be reached: A09
    This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80070005-00000000-00000000].
    Details as below:
    [Troubleshooting]
    1) Also check the Send As permission configuration first.
    2) Then try to use A03 send as A01 to A09 via OWA. If OWA works well, it seems and issue on the Outlook client side.
    3) This behavior may occur if the OAB in Outlook isn’t updated. Try to download OAB manually.
    4) If doesn’t work, please close Outlook and try to delete all the OAB folder on your computer. The path of OAB folder in Win7, Win8 as below:
    \Users\<UserName>\AppData\Local\Microsoft\Outlook\Offline Address Books
    5) Restart Outlook.
    Note: Be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address list. When sending a message, Exchange requires that e-mail address is resolved in the
    From field.
    3. [Issue]
    Exchange 2010. A01 grant A0x “Send As” or “Send on Behalf” permission. A0x send as/ send on behalf of A01. The message is only copied to the Sent Items folder in A0x’s mailbox (same as the result of my test). Also cannot configure Exchange 2010 so that the
    message is copied to the Sent Items folder of both A01 and A0x.
    [Troubleshooting]
    This issue occurs because Exchange server 2010 was designed to copy message to the Sent Items folder of the sender only. This issue can be solved by installing Exchange 2010 SP2 UR4. More details in the following KB:
    Messages that are sent by using the "Send As" and "Send on behalf" permissions are copied only to the Sent Items folder of the sender in an Exchange Server 2010 environment
    http://support.microsoft.com/kb/2632409/en-us
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Nice guide Mavis, I recently explored the same topic. Few things you might want to add is the type of connectivity (Cached vs Online will produce different results) and to expand further on the methods of adding the other mailbox in Outlook (additional mailbox
    vs additional account defaults to different methods). Check the screenshot:
    And please post this somewhere more visible, like blog/wiki page.

  • Shared Mailboxes Send on Behalf

    I have created shared mailbox and Grant Send On Behalf permission for John.
    John sends email on behalf to shared mailbox but messages look like John send message himself (Send AS). But John have only Grant Send on Behalf permission not SendAS.
    Exchange 2013 CU2.
    Truly, Valery Tyurin

    Hello,
    I have similar issue but in reversal, I have a shared mailbox. I want to send an email on behalf of shared mailbox but I do not want the recipients to see the email has been sent by "User on behalf of shared mailbox". I have been added as a delegate
    with editor permissions in shared mailbox. If I send an email (From option: shared mailbox) from my outlook, receiver can see that the email has been sent on behalf. I do not want this. It should be visible as if the mail is sent from shared mailbox.
    I saw some suggestions that adding permissions on exchange server will help but I dont know where to check in the system (perhaps I dont have admin rights). I have a colleague, they are just new, they dont know about email box too. My old friend who left
    has configured the outlook for these new ladies. For them it is absolutely working fine. I dont know what he did but would not have used exchange server (as we dont have admin rights).
    Please help!
    Regards,
    Krishna

  • How to give user Send on behalf rights to Distribution group in exchange 2010

    I have tried below all commands in Exchange power shell, but still users receives the same error message when trying to send on behalf of distribution list. Please help
    Get-DistributionGroup "SOperations" | fl name,grant*
    Set-DistributionGroup “SOperations” –GrantSendonBehalfTo “XXXUser”
    Set-DistributionGroup “SOperations” –GrantSendonBehalfTo “SOperations”
     (to allow all users in the group)
    Error for user:--Delivery has failed to these recipients or groups: You
    can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

    Keep in mind if you ran both the commands serialially, you would've overwritten the first one with the second one. Did you test sending from the xxxuser or a user in the SOperations group and how long has it been since you granted the permissions then testing
    the send.
    Set-DistributionGroup
    “SOperations” –GrantSendonBehalfTo “XXXUser”
    Set-DistributionGroup
    “SOperations” –GrantSendonBehalfTo “SOperations”
     (to allow all users in the group)
    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

  • Cannot send on behalf of user

    We are using exchange 2010 SP1 in our environment. I have one user no matter who you try to setup so she can send on behalf it always comes back and says you do not have permission to do it.
    We set the person up with full access to the mailbox, with send as on mailbox that did not work. Next we set the person up with send on behalf using the mailbox properties still same error. i went on the AD account and went to permissions and added that
    person to the AD account with send as and full control and still nothing is working. Any other users you allow send on behalf for any mailbox is working just fine.

    Hello,
    Do you mean when you grant one user full access permission or send as permission on any other mailboxes, the user still has permission issue? If so, besides DareDevil57's suggestion, please use get-adpermission cmdlet to check permissions on the Active Directory
    object.
    http://technet.microsoft.com/en-us/library/bb125183(v=exchg.141).aspx
    And please make sure whether you check "Include inheritable permissions from this object's parent".
    Please make sure whether there are multiple DCs in your environment.
    If I have any misunderstanding, please free let me know.
    If you have any feedback on our support, please click
    here
    Cara Chen
    TechNet Community Support

  • Microsoft Outlook 2010 The delegates settings were not saved correctly. Cannot activate Send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object.

    I am trying to assign delegation to a user and I receive the following message.
    The delegates settings were not saved correctly.  Cannot activate Send-on-behalf-of list.  You do not have sufficient permission to perform this operation on this object.
    We are using 2010 for the server and client.  There are only specific mailboxes that this is happening for after being migrated from Lotus Notes.  The user can use their mailfile fine however it is just the delegation that appears corrupted somehow. 
    I'm not sure how to fix this.  I have checked the access through the security tab in ad and that looks fine.
    Any help would be appreciated.

    I did some more digging and I solved it.
    This would be the solution:
    In Active Directory Users and Computers
    -Click on VIEW
    -Click on ADVANCE FEATURES  (this is important otherwise you won't see
    the complete list in the next steps)
    -Click on the USERS container
    -Find the problem user's account
    -Right mouse the account and click on PROPERTIES
    -Click on the SECURITY tab
    -In the top box, click on the SELF account
    -In the bottom portion of the screen make sure the READ PERSONAL
    INFORMATION  & WRITE PERSONAL INFORMATION  should both be checked for
    ALLOW
    If you can compare the permissions for 'SELF' with another user you probably should set them accordingly to be safe. I noticed that for the user where setting delegates (SOB) did
    not work, more than those 2 permissions were missing.
    Good luck!
    David

  • Outlook 2010 / 2013 Send on Behalf of does not cache Resolved email address in the From Dropdown

    This is insane Microsoft. Makes me wonder if you use your own product
    Office 2013 / Exchange 2010
    - Proper mail box permission
    - Proper Send On Behalf of Permission
    1. Open A Message > Select From > Choose Other Address > Choose From Again > Pick the Address (Which Resolves from GAL) Finish the Message and Send - No Problem
    2. Start Another Message > Click the From drop down and the email is cached in unresolved SMTP format
    "You do not have the permission to send the message on behalf of the specified user"
    A Better message would be "Sorry Microsoft doesn't understand how to read it's own address book, properly cache an exchange email address and thinks 4 click is better than 1"
    Sorry for the rant but if any one has a solution to this it would be much appreciated.
    Notes:
    - CTRL-K or Check Names Doesn't Resolve the From field
    - You can send repeated On Behalf of as long as you don't the From Drop-down.
    - Changing Address book order doesn't work
    - Using Contacts as the Primary Address book doesn't work
    - No Shortcut Quick Key to open "Open Send From Other-Email Address Programmatically" form
    - Cant Use Quick Steps because From Field is not included
    For those of you who hate rants without a solution, Here it is beyond ridiculous!
    1. Make the Developer Tab Visible
    2. Add the following VBA Code to ThisOutlookSession
    Sub CreateNewMessage()
    Dim objMsg As MailItem
    Dim obj
    Set objMsg = Application.CreateItem(olMailItem)
     With objMsg
      '.SentOnBehalfOfName = "[email protected]" DOESNT WORK BECAUSE EXCHANGE DOESNT RESOLVE
      .SentOnBehalfOfName = "USE THE DISPLAY NAME"
      .To = ""
      .CC = ""
      .BCC = ""
      .Subject = ""
      .Categories = "Test"
      .VotingOptions = "Yes;No;Maybe;"
      .BodyFormat = olFormatHTML
      .Importance = olImportanceNormal
      .Sensitivity = olNormal
    ' Calculate a date using DateAdd or enter an explicit date
    '  .ExpiryTime = DateAdd("m", 6, Now) '6 months from now
    '  .DeferredDeliveryTime = #8/1/2012 6:00:00 PM#
      .Display
    End With
    Set objMsg = Nothing
    End Sub
    3. Customize the Ribbon
    - Create A New Group
    - Position New Group As Desired
    - Choose Commands From (Select Macros)
    - Drag Macros to Group
    - Change Display Name and Choose Icon (Under Rename)
    4. Hide The Developer Tab

    I did some more digging and I solved it.
    This would be the solution:
    In Active Directory Users and Computers
    -Click on VIEW
    -Click on ADVANCE FEATURES  (this is important otherwise you won't see
    the complete list in the next steps)
    -Click on the USERS container
    -Find the problem user's account
    -Right mouse the account and click on PROPERTIES
    -Click on the SECURITY tab
    -In the top box, click on the SELF account
    -In the bottom portion of the screen make sure the READ PERSONAL
    INFORMATION  & WRITE PERSONAL INFORMATION  should both be checked for
    ALLOW
    If you can compare the permissions for 'SELF' with another user you probably should set them accordingly to be safe. I noticed that for the user where setting delegates (SOB) did
    not work, more than those 2 permissions were missing.
    Good luck!
    David

  • Outlook error "The Delegate settings were not saved correctly. cannot activate send-on-behalf-of list. The operation failed"

    Hi,
    Re: "The Delegate settings were not saved correctly. cannot activate send-on-behalf-of list.  The operation failed" 
    I have a client who is getting the above error when attempting to change delegate permissions in Outlook 2010.
    She is also getting this error when she tries to remove a delegate.
    I have tried recreating her mail profile.
    I have also tried kb2593557. The auto fix didn't work at all and the registry fix only removes the error message and not the problem. This client would like to be able to edit her delegate permissions.
    She is on Exchange 2010
    Any assistance would be appreciated.

    The article you provided is not related to the error message that the user is getting it.
    Can you please provide better solution? I know this answer and this post is old but I am having same issue.
    The error message is only (The Delegates settings were not saved correctly. cannot activate send-on-behalf-of list. The operation failed) I was not able to attach screen shot.

  • "send on behalf" problem

    Exchange 2010 sp3, Outlook 2013
    I have added "send on behalf" for my AD username in the administrators mailbox. but whenever I send an email, it shows "Me
    On Behalf Of
    Administrator".
    how can I change the From to show only Administrator?

    Hi,
    BayTree is right, please grant "Send As" permission instead of "Send on Behalf".
    Also refer to this link:
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/management-administration/Sending-As.html
    Regards,
    Melon Chen
    TechNet Community Support

  • How to add a 'Send on Behalf Of' address to multiple mailboxes?

    My apologies if this is a repeat question. I've searched for a while now but haven't come across an answer.
    This is my dilemma:
    My company is using a piece of software that has a 'sender address'. This address needs to be added to the users' mailbox in the 'Send on Behalf Of' field. Is there anyway to automate this process? Can I make this happen through a GPO or a security group
    or something? It would be very tedious to have to do this for every account and every newly created account.
    Thank you for your help! 

    Not all ideas are possible. :(
    I think it's very simple script for PS Exchange, c planned launch times a day.
    $DistinguishedName = Get-DistributionGroup MyGroup | Get-DistributionGroupMember
    $DistinguishedName | ForEach-Object {Set-Mailbox -Identity user_mailbox -GrantSendOnBehalfTo @{Add = "$_"}}
    MCITP, MCSE. Regards, Oleg

  • ADding bulk users on send on behalf to

    I am using this command to add send on behalf
    Get-mailbox "Sid test 1" | Set-mailbox -Grantsendonbehalfto "Sid Test 2","Sid Test 3".
    When i check the results it only adds 1 mailbox.
    Please advise

    I need to add mailbox usig hte dislay name, i tried
    Get-mailbox "Sid test 1" | Set-mailbox -Grantsendonbehalfto "Sid Test 2","Sid Test 3".
    Only adds 1 mailbox 
    The value @{Add="<value1>", "<value2>", "<value3>"} does it have to be e-mail address or can it be samaccount name

  • Setting up Send on Behalf for distribution Group

    Hi All,
    I have a distribution group named [email protected] setup and working fine.
    I want to allow member to Send on Behalf as this group, and have put the appropriate names in the Send on Behalf box, but for the life of me I cannot see how to actually send an email using the distribution group. There is no option in the from field to
    select this as a from address.
    I must be missing something, but what?
    Using exchange 2013, please help :)
    Kind Regards
    Richard

    If you see the FROM field in outlook, either just type the email address of the group, or click the FROM button and select the group from the GAL. The ladder is the preferred method.
    http://www.outlook-apps.com/send-from-other-email-address-outlook/
    DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

  • PS Command: Send on behalf privleges

    Hi,
    I'm trying to create a script which give everyone in Group A access to send on behalf of everyone in Group B.
    The trouble is I think I have to get all of the email addresses from the mailboxes in Group A and putting them into the last section.
    Get-DistributionGroupMember-identity"Group
    B"|Set-Mailbox-grantsendonbehalfto@{Add="[email protected]"}
    where [email protected] is a member of group A.
    Has anyone tried to so something like this before?
    Many thanks in advance,
    D

    Hi,
    I test it in my lab with your command:
    Get-DistributionGroupMember -identity"TestGroup2" | Set-Mailbox –GrantSendOnBehalfTo @{Add="TestGroup3"}
    It works very well, all users in TestGroup3 can send on behalf of everyone in testGroup2.
    Best Regards.

  • Can't send on behalf of a mailbox, unless it is added as an account to Outlook

    As the title states i can't send on behalf of one of our new IT Support mails. I've added myself to the delegate access in Exchange. We are running Exchange 2010. Here comes the weird part. I can't send on behalf for some reason, but if i add the IT Support
    account to my Outlook, I suddenly CAN send on behalf of it. This makes absolutely no sense to me whatsoever. And to make matters worse, i tried testing if this was the same for all mailboxes. I made a new test mailbox, and added myself as delegate (i.e. same
    settings as the IT Support mailbox) and nothing else. This time it worked WITHOUT adding the account to my Outlook. I realize this is a workaround, but i want to be able to send on behalf of our IT Support mail without having to add it to Outlook for every
    user that needs to use it. Anyone have any suggestions as to what is wrong? And how to fix it?

    Hi,
    If you want to send on behalf of the IT Support mailbox, please make sure the following settings have been configured in Exchange:
    1. Open Exchange Management Console, expand Recipient Configuration > Mailbox.
    2. Right-click IT Support user > Properties.
    3. In Mail Flow Settings tab, click Delivery Options > Properties.
    4. Make sure your account is listed in Send on behalf permission list. If not, please add it. If it does, please remove your account, Apply it. Then add it back to have a try.
    Then check whether the issue persists.
    Regards,
    Winnie Liang
    TechNet Community Support

Maybe you are looking for