Semi-Automated granting send on behalf rights - Exchange 2013/Exchange Shell

Hi all,
We have just upgraded to Exchange 2013 and currently cant set mailbox permissions via the Exchange Admin Center, we currently have to do it via Exchange Shell.
Thats all fine but i would like to automate it so my team can run a script and get prompted to enter the target mailbox and the user's id.
Im new to ExchangeShell/PowerShell so be gentle with your feedback, but this is what I have come up with:
$RemoteEx2013Session = New-PSSession -ConfigurationName Microsoft.Exchange ` -ConnectionUri  ` -Authentication #-Credential (Get-credential)
Import-PSSession $RemoteEx2013Session -AllowClobber
$mailboxname = Read-Host "Please enter name of mailbox"
$UserID = Read-Host "Please enter name of user"
$output = set-mailbox $mailboxname -GrantSendOnBehalfTo $UserID
When I run it I get "Insufficient access rights to perform the operation", I get what that means but if I manually type the command it works i.e    set-mailbox john.smith -GrantSendOnBehalfTo Jane.Smith
Questions are: Is this possible to semi-automate this via powershell, and am i totally of track with the above commands?
Thanks in advanced 

Hi,
According to the error message, it seems there is no proper permission to run this script.
Please make sure you have proper permission, I suggest run this script as Administrator for testing if you are using an additional account now.
Also suggest creating a test user and grant proper permissions for testing.
Thanks
Mavis
Mavis Huang
TechNet Community Support

Similar Messages

  • Grant Send on Behalf Permissions

    Hi,
    Some one in organization modified Grant Send on behalf permission.
    We have an application that monitors the changes and that application showed that one the userid's Grant Send on behalf permission got modified and some people got added to that list.
    and after some time that list was cleared again(this shown by the application we developed) We are using powershell cmnds to monitor these changes.
    But when we checked auditlogs we didn't find any admin audit log entry.
    How it is possible, is it easy to clear the logs, where I can find these logs?
    Regards,
    Abhagwat

    I don't know the nature of your auditing software, but you can modify the send-as permission directly in ADUC, etc, so its very possible the audit logs wouldn't record such modifications.
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • How to give user Send on behalf rights to Distribution group in exchange 2010

    I have tried below all commands in Exchange power shell, but still users receives the same error message when trying to send on behalf of distribution list. Please help
    Get-DistributionGroup "SOperations" | fl name,grant*
    Set-DistributionGroup “SOperations” –GrantSendonBehalfTo “XXXUser”
    Set-DistributionGroup “SOperations” –GrantSendonBehalfTo “SOperations”
     (to allow all users in the group)
    Error for user:--Delivery has failed to these recipients or groups: You
    can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

    Keep in mind if you ran both the commands serialially, you would've overwritten the first one with the second one. Did you test sending from the xxxuser or a user in the SOperations group and how long has it been since you granted the permissions then testing
    the send.
    Set-DistributionGroup
    “SOperations” –GrantSendonBehalfTo “XXXUser”
    Set-DistributionGroup
    “SOperations” –GrantSendonBehalfTo “SOperations”
     (to allow all users in the group)
    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

  • Shared Mailboxes Send on Behalf

    I have created shared mailbox and Grant Send On Behalf permission for John.
    John sends email on behalf to shared mailbox but messages look like John send message himself (Send AS). But John have only Grant Send on Behalf permission not SendAS.
    Exchange 2013 CU2.
    Truly, Valery Tyurin

    Hello,
    I have similar issue but in reversal, I have a shared mailbox. I want to send an email on behalf of shared mailbox but I do not want the recipients to see the email has been sent by "User on behalf of shared mailbox". I have been added as a delegate
    with editor permissions in shared mailbox. If I send an email (From option: shared mailbox) from my outlook, receiver can see that the email has been sent on behalf. I do not want this. It should be visible as if the mail is sent from shared mailbox.
    I saw some suggestions that adding permissions on exchange server will help but I dont know where to check in the system (perhaps I dont have admin rights). I have a colleague, they are just new, they dont know about email box too. My old friend who left
    has configured the outlook for these new ladies. For them it is absolutely working fine. I dont know what he did but would not have used exchange server (as we dont have admin rights).
    Please help!
    Regards,
    Krishna

  • Send As, Send on Behalf and Full Access for Exchange server 2010/2013

    [This FAQ contains 2 parts]
    Testing and watching the behavior of Send As, Send On Behalf and Full Access permission.
    Common issue and Troubleshooting on the three permission.
    [Testing and Watching]
    Based on following blog, I decide to test on my lab:
    Full Mailbox Access Rights + Send On Behalf = Send As ?
    http://blogs.technet.com/b/ehlro/archive/2012/04/06/full-mailbox-access-rights-send-on-behalf-send-as.aspx
    Description on my lab and test:
    Exchange 2010 + Outlook 2010
    Exchange 2013 + Outlook 2013
    Senders: A01, A02, … , A07, A08
    Recipient: A09
    A01 grand permission to other senders.
    Two methods:
    a. Use A0x’s credential configure A01’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    b. Use A0x’s credential configure A0x’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    Result as following forms:
    1. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A01’s mailbox, then send From both A01 and A0x
    To A09.
    2. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A0x’s mailbox, then send From both A01 and A0x
    To A09.
    [Common Issue]
    1. [Issue]
    Exchange 2010 + Outlook 2010. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
    Details as following pic:
    [Troubleshooting]
    1) Based on the NDR, it seems a permission issue. Check Send As permission, however the Send As permission configured correctly. Pic as below:
    2) ince the Send As permission configured correctly, it seems the permission hasn’t been replicated. Try to restart Microsoft Exchange Information Store service. It works.
    Note: The Send As permission isn’t granted until after replication has occurred. Replication times depend on your Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information
    Store service.
    2. [Issue]
    Exchange 2013 + Outlook 2013. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    Your message did not reach some or all of the intended recipients.
    Subject: xxx
    Sent: xx/xx/2014 8:20 AM
    The following recipient(s) cannot be reached: A09
    This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80070005-00000000-00000000].
    Details as below:
    [Troubleshooting]
    1) Also check the Send As permission configuration first.
    2) Then try to use A03 send as A01 to A09 via OWA. If OWA works well, it seems and issue on the Outlook client side.
    3) This behavior may occur if the OAB in Outlook isn’t updated. Try to download OAB manually.
    4) If doesn’t work, please close Outlook and try to delete all the OAB folder on your computer. The path of OAB folder in Win7, Win8 as below:
    \Users\<UserName>\AppData\Local\Microsoft\Outlook\Offline Address Books
    5) Restart Outlook.
    Note: Be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address list. When sending a message, Exchange requires that e-mail address is resolved in the
    From field.
    3. [Issue]
    Exchange 2010. A01 grant A0x “Send As” or “Send on Behalf” permission. A0x send as/ send on behalf of A01. The message is only copied to the Sent Items folder in A0x’s mailbox (same as the result of my test). Also cannot configure Exchange 2010 so that the
    message is copied to the Sent Items folder of both A01 and A0x.
    [Troubleshooting]
    This issue occurs because Exchange server 2010 was designed to copy message to the Sent Items folder of the sender only. This issue can be solved by installing Exchange 2010 SP2 UR4. More details in the following KB:
    Messages that are sent by using the "Send As" and "Send on behalf" permissions are copied only to the Sent Items folder of the sender in an Exchange Server 2010 environment
    http://support.microsoft.com/kb/2632409/en-us
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Nice guide Mavis, I recently explored the same topic. Few things you might want to add is the type of connectivity (Cached vs Online will produce different results) and to expand further on the methods of adding the other mailbox in Outlook (additional mailbox
    vs additional account defaults to different methods). Check the screenshot:
    And please post this somewhere more visible, like blog/wiki page.

  • "send on behalf" problem

    Exchange 2010 sp3, Outlook 2013
    I have added "send on behalf" for my AD username in the administrators mailbox. but whenever I send an email, it shows "Me
    On Behalf Of
    Administrator".
    how can I change the From to show only Administrator?

    Hi,
    BayTree is right, please grant "Send As" permission instead of "Send on Behalf".
    Also refer to this link:
    http://www.msexchange.org/articles-tutorials/exchange-server-2003/management-administration/Sending-As.html
    Regards,
    Melon Chen
    TechNet Community Support

  • Outlook 2010 / 2013 Send on Behalf of does not cache Resolved email address in the From Dropdown

    This is insane Microsoft. Makes me wonder if you use your own product
    Office 2013 / Exchange 2010
    - Proper mail box permission
    - Proper Send On Behalf of Permission
    1. Open A Message > Select From > Choose Other Address > Choose From Again > Pick the Address (Which Resolves from GAL) Finish the Message and Send - No Problem
    2. Start Another Message > Click the From drop down and the email is cached in unresolved SMTP format
    "You do not have the permission to send the message on behalf of the specified user"
    A Better message would be "Sorry Microsoft doesn't understand how to read it's own address book, properly cache an exchange email address and thinks 4 click is better than 1"
    Sorry for the rant but if any one has a solution to this it would be much appreciated.
    Notes:
    - CTRL-K or Check Names Doesn't Resolve the From field
    - You can send repeated On Behalf of as long as you don't the From Drop-down.
    - Changing Address book order doesn't work
    - Using Contacts as the Primary Address book doesn't work
    - No Shortcut Quick Key to open "Open Send From Other-Email Address Programmatically" form
    - Cant Use Quick Steps because From Field is not included
    For those of you who hate rants without a solution, Here it is beyond ridiculous!
    1. Make the Developer Tab Visible
    2. Add the following VBA Code to ThisOutlookSession
    Sub CreateNewMessage()
    Dim objMsg As MailItem
    Dim obj
    Set objMsg = Application.CreateItem(olMailItem)
     With objMsg
      '.SentOnBehalfOfName = "[email protected]" DOESNT WORK BECAUSE EXCHANGE DOESNT RESOLVE
      .SentOnBehalfOfName = "USE THE DISPLAY NAME"
      .To = ""
      .CC = ""
      .BCC = ""
      .Subject = ""
      .Categories = "Test"
      .VotingOptions = "Yes;No;Maybe;"
      .BodyFormat = olFormatHTML
      .Importance = olImportanceNormal
      .Sensitivity = olNormal
    ' Calculate a date using DateAdd or enter an explicit date
    '  .ExpiryTime = DateAdd("m", 6, Now) '6 months from now
    '  .DeferredDeliveryTime = #8/1/2012 6:00:00 PM#
      .Display
    End With
    Set objMsg = Nothing
    End Sub
    3. Customize the Ribbon
    - Create A New Group
    - Position New Group As Desired
    - Choose Commands From (Select Macros)
    - Drag Macros to Group
    - Change Display Name and Choose Icon (Under Rename)
    4. Hide The Developer Tab

    I did some more digging and I solved it.
    This would be the solution:
    In Active Directory Users and Computers
    -Click on VIEW
    -Click on ADVANCE FEATURES  (this is important otherwise you won't see
    the complete list in the next steps)
    -Click on the USERS container
    -Find the problem user's account
    -Right mouse the account and click on PROPERTIES
    -Click on the SECURITY tab
    -In the top box, click on the SELF account
    -In the bottom portion of the screen make sure the READ PERSONAL
    INFORMATION  & WRITE PERSONAL INFORMATION  should both be checked for
    ALLOW
    If you can compare the permissions for 'SELF' with another user you probably should set them accordingly to be safe. I noticed that for the user where setting delegates (SOB) did
    not work, more than those 2 permissions were missing.
    Good luck!
    David

  • Can't send on behalf of a mailbox, unless it is added as an account to Outlook

    As the title states i can't send on behalf of one of our new IT Support mails. I've added myself to the delegate access in Exchange. We are running Exchange 2010. Here comes the weird part. I can't send on behalf for some reason, but if i add the IT Support
    account to my Outlook, I suddenly CAN send on behalf of it. This makes absolutely no sense to me whatsoever. And to make matters worse, i tried testing if this was the same for all mailboxes. I made a new test mailbox, and added myself as delegate (i.e. same
    settings as the IT Support mailbox) and nothing else. This time it worked WITHOUT adding the account to my Outlook. I realize this is a workaround, but i want to be able to send on behalf of our IT Support mail without having to add it to Outlook for every
    user that needs to use it. Anyone have any suggestions as to what is wrong? And how to fix it?

    Hi,
    If you want to send on behalf of the IT Support mailbox, please make sure the following settings have been configured in Exchange:
    1. Open Exchange Management Console, expand Recipient Configuration > Mailbox.
    2. Right-click IT Support user > Properties.
    3. In Mail Flow Settings tab, click Delivery Options > Properties.
    4. Make sure your account is listed in Send on behalf permission list. If not, please add it. If it does, please remove your account, Apply it. Then add it back to have a try.
    Then check whether the issue persists.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Outlook 2010 Send On Behalf Of

    Hello,
    We're using Exchange 2010 SP1 and Outlook 2010. Is it possible to give a user Send On Behalf Of rights? NOT Send AS rights because we want to see who send the mail on behalf of.
    Thnx Remco

    Start Outlook 2010.  Select the "File" tab.  Click on account settings button then delegate access.
    This can also be done via the Exchange management shell.  I think the command is:
    Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends
    "Remco Tiel" wrote in message
    news:[email protected]...
    Hello,
    We're using Exchange 2010 SP1 and Outlook 2010. Is it possible to give a user Send On Behalf Of rights? NOT Send AS rights because we want to see who send the mail on behalf of.
    Thnx Remco

  • Cannot send on behalf of user

    We are using exchange 2010 SP1 in our environment. I have one user no matter who you try to setup so she can send on behalf it always comes back and says you do not have permission to do it.
    We set the person up with full access to the mailbox, with send as on mailbox that did not work. Next we set the person up with send on behalf using the mailbox properties still same error. i went on the AD account and went to permissions and added that
    person to the AD account with send as and full control and still nothing is working. Any other users you allow send on behalf for any mailbox is working just fine.

    Hello,
    Do you mean when you grant one user full access permission or send as permission on any other mailboxes, the user still has permission issue? If so, besides DareDevil57's suggestion, please use get-adpermission cmdlet to check permissions on the Active Directory
    object.
    http://technet.microsoft.com/en-us/library/bb125183(v=exchg.141).aspx
    And please make sure whether you check "Include inheritable permissions from this object's parent".
    Please make sure whether there are multiple DCs in your environment.
    If I have any misunderstanding, please free let me know.
    If you have any feedback on our support, please click
    here
    Cara Chen
    TechNet Community Support

  • Microsoft Outlook 2010 The delegates settings were not saved correctly. Cannot activate Send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object.

    I am trying to assign delegation to a user and I receive the following message.
    The delegates settings were not saved correctly.  Cannot activate Send-on-behalf-of list.  You do not have sufficient permission to perform this operation on this object.
    We are using 2010 for the server and client.  There are only specific mailboxes that this is happening for after being migrated from Lotus Notes.  The user can use their mailfile fine however it is just the delegation that appears corrupted somehow. 
    I'm not sure how to fix this.  I have checked the access through the security tab in ad and that looks fine.
    Any help would be appreciated.

    I did some more digging and I solved it.
    This would be the solution:
    In Active Directory Users and Computers
    -Click on VIEW
    -Click on ADVANCE FEATURES  (this is important otherwise you won't see
    the complete list in the next steps)
    -Click on the USERS container
    -Find the problem user's account
    -Right mouse the account and click on PROPERTIES
    -Click on the SECURITY tab
    -In the top box, click on the SELF account
    -In the bottom portion of the screen make sure the READ PERSONAL
    INFORMATION  & WRITE PERSONAL INFORMATION  should both be checked for
    ALLOW
    If you can compare the permissions for 'SELF' with another user you probably should set them accordingly to be safe. I noticed that for the user where setting delegates (SOB) did
    not work, more than those 2 permissions were missing.
    Good luck!
    David

  • Outlook error "The Delegate settings were not saved correctly. cannot activate send-on-behalf-of list. The operation failed"

    Hi,
    Re: "The Delegate settings were not saved correctly. cannot activate send-on-behalf-of list.  The operation failed" 
    I have a client who is getting the above error when attempting to change delegate permissions in Outlook 2010.
    She is also getting this error when she tries to remove a delegate.
    I have tried recreating her mail profile.
    I have also tried kb2593557. The auto fix didn't work at all and the registry fix only removes the error message and not the problem. This client would like to be able to edit her delegate permissions.
    She is on Exchange 2010
    Any assistance would be appreciated.

    The article you provided is not related to the error message that the user is getting it.
    Can you please provide better solution? I know this answer and this post is old but I am having same issue.
    The error message is only (The Delegates settings were not saved correctly. cannot activate send-on-behalf-of list. The operation failed) I was not able to attach screen shot.

  • How to add a 'Send on Behalf Of' address to multiple mailboxes?

    My apologies if this is a repeat question. I've searched for a while now but haven't come across an answer.
    This is my dilemma:
    My company is using a piece of software that has a 'sender address'. This address needs to be added to the users' mailbox in the 'Send on Behalf Of' field. Is there anyway to automate this process? Can I make this happen through a GPO or a security group
    or something? It would be very tedious to have to do this for every account and every newly created account.
    Thank you for your help! 

    Not all ideas are possible. :(
    I think it's very simple script for PS Exchange, c planned launch times a day.
    $DistinguishedName = Get-DistributionGroup MyGroup | Get-DistributionGroupMember
    $DistinguishedName | ForEach-Object {Set-Mailbox -Identity user_mailbox -GrantSendOnBehalfTo @{Add = "$_"}}
    MCITP, MCSE. Regards, Oleg

  • Setting up Send on Behalf for distribution Group

    Hi All,
    I have a distribution group named [email protected] setup and working fine.
    I want to allow member to Send on Behalf as this group, and have put the appropriate names in the Send on Behalf box, but for the life of me I cannot see how to actually send an email using the distribution group. There is no option in the from field to
    select this as a from address.
    I must be missing something, but what?
    Using exchange 2013, please help :)
    Kind Regards
    Richard

    If you see the FROM field in outlook, either just type the email address of the group, or click the FROM button and select the group from the GAL. The ladder is the preferred method.
    http://www.outlook-apps.com/send-from-other-email-address-outlook/
    DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

  • CF8 server can't send an email through Exchange Server

    I'm sending this as an Exchange Server Administrator... I'm working w/ our ColdFusion Admin, but he's stuck... so am I.
    CFv8 is our version (if you need more I'll get it) We have Exchange Server 2003 Enterprise, on Windows 2003 Server Enterprise.
    From what I understand... someone is filling out a form on our CF8 Server... this form is then "sent" to the "forum administrator"  (through our Exchange 2003 server) ... This person is "outside" of our Exchange server... [email protected]
    This has "Adobe Support" stumped...
    I have the CF server "allowed" in the SMTP,  Virtual Server,  Relay Setting, (and allow all authenticated servers to relay.. also) 
    I have a copy of his "code" too... (site details removed) ...
    <cfmail to="#recipEmail#"        from="#sendersEmail#"        subject="You've got an ePostcard from Our Company!"> #recipName#,     #sendersName# sent you an ePostcard from www.ourcompany.com! You can view your card at http://www.ourcompany.com/pub/ecards/yourEcard.cfm?cardNumber=#getIDNumber.CardID#  Your card will be available for 30 days. Delivered by Our Company Send your OWN ePostcard now at http://www.ourcompany.com/pub/ecards/ </cfmail>
    So if you have any ideas, please let me know.
    Thank you!
    JLH

    Our Answers below them... I scrubbed out the "real servers and email addresses" from the answers..
    I know most of this has been sent in an Adobe Ticket by the CF admin, but I see something isn't right!.
    Some questions, based on that assumption:
    1) Does the connection to the Exchange server verify in CFAdmin?
    Yes
    2) Have you switched all the mail logging options on, and set to DEBUG?  Anything useful being logged?
    "Error","scheduler-4","10/26/09","16:20:25",,"Invalid Addresses"
    3) Is the email failing to send from CF, or is it failing to be forwarded by Exchange?
    It’s being sent by Coldfusion but getting stuck in the undeliverable dir.
    4) Can Exchange log failed / refused connections, and is it logging attempted connections from the CF server?
    I trolled all the logs for Exchange, found only one line in months of logs:
    A non-delivery report with a status code of 5.1.8 was generated for recipient rfc822;[email protected] (Message-ID  <[email protected]>).
    10/6/2009
    8:39:45   PM
    MSExchangeTransport
    Error
    NDR
    3030
    N/A
    ourmailserver
    A non-delivery report with a status   code of 5.1.8 was generated for recipient rfc822;[email protected]   (Message-ID  <[email protected]>).
    5) Are the messages getting stuck in the spool dir on the CF server, or being placed in the undeliverable dir, or vanishing (suggesting they're being sent)
    They are getting stuck in the undeliverable dir.
    6) What happens if you set up a simple, stand-alone, test rig with a hard-coded <cfmail> test mail to an email address within your own Exchange system?  If that works, try changing it to an "outside world" one.
    Tried this and works fine with and address with in our Exchange system and when it is switched to an outside world address it gets stuck in the undeliverable dir like always.
    7) Anything in the CF or JRun logs?
    This is what we are getting in the Log files as the problem (but anID @ gmail.com is a valid email):
    "Error","scheduler-0","10/06/09","15:59:24",,"Invalid Addresses"
    javax.mail.SendFailedException: Invalid Addresses;
       nested exception is:
         com.sun.mail.smtp.SMTPAddressFailedException: 550 No such domain at this location ( anID @ gmail.com)
         at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1196)
         at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:584)
         at coldfusion.mail.MailSpooler.deliver(MailSpooler.java:832)
         at coldfusion.mail.MailSpooler.sendMail(MailSpooler.java:731)
         at coldfusion.mail.MailSpooler.deliverStandard(MailSpooler.java:1021)
         at coldfusion.mail.MailSpooler.run(MailSpooler.java:986)
         at coldfusion.scheduling.ThreadPool.run(ThreadPool.java:201)
         at coldfusion.scheduling.WorkerThread.run(WorkerThread.java:71)
    Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 550 No such domain at this location anID @ gmail.com)
         at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1047)
    Thank you for your time in looking at this with us!
    JLH

Maybe you are looking for