"send as" problem, tried all tips.

[JamesBoag]

I have tried everything but a user on my network still can't send as her Boss. The situation is:

She has Outlook2k connected to an exchange server (2k sp3) and opens up her mailbox as well as her bosses mailbox.

I have given her full rights to the "boss" mailbox via the AD user property "Exch advanced" tab, by adding her with appropriate ticks.


I have given her send on behalf of permission via the AD user property "exch delivery options" by adding her with appropriate ticks.


I have given her send-as permission via the AD user property "Security ( using advanced view )" by adding her with appropriate ticks.

When she opens up a message from her bosses inbox, she is able to reply to it as the boss identity. However if she generates a new email and types in the bosses name in to the "from" field, Outlook throws up the old "don't have permission etc...".

I have added her to his delegates list with full blown rights as well. I have tried the FAQ faq858-4815 and both the MS articles.

I have also tried using the AD MMC from the Exchange menu.
Nothing seems to work. The user and the EX server have both rebooted after AD changes. Anyone fancy a wee star!!

TX in advance

 

[xmsre]

1. Make sure the manager and delegate are either on the same store or in different storage groups. If the manager and delegate are on different stores in the same storage group, delegate access breaks.

2. Sometimes MSExchMasterAccountSID and MSExchMailboxSecurityDescriptor atrributes get out of sync. When that happens, delegate and public folder access can break. MS wrote a utility called NO MAS to fix that, but you'll have to call PSS to get it.

 

[JamesBoag]

Thanks xmsre, I actually deleted the "boss" user account and re-created it, then reimported his mail from a PST file.

Next I went through and set all the relavent permissions again using the AD mmc from Exchange menu.

The user can at times send as "boss" but if she logs off or restarts Outlook, The same issue appears and only goes away when I fluff around on her machine and send emails from her to the "Boss" mailbox and then reply back to her as the "boss".

For some reason this eventually allows her to send as "boss" without errors.

In reference to your POINT1,both accounts are on the store and storage group (there is only one store and storage group).

In reference to POINT2, what (who) is PSS?

Thanks for your reply.

Cheers

 

[xmsre]

In this case, the SID for the old boss account is likely in the ACL in MSExchMailboxSecurityDescriptor attribute. Try, on both the manager dand delegate mailboxes:

1. Set your deleted mailbox retention attribute for a value of 1 or greater.
2. Remove the exchange attributes from both the manager and delegate through exchange tasks in ADUC.
3. Run the mailbox cleanup agent and Purge the mailboxes.
4. Recover the mailboxes.
5. Reconnect the mailboxes, in 2000 you may have to use mbconn.
6. Set up the permissions again.


This will remove and recreate the MSExchMasterAccountSID and MSExchMailboxSecurityDescriptor attributes on both users, and ensure the the permissions are propagated down the mailbox folder structure.

Microsoft PSS. If you have a Premier account, great; if not you pay per call via credit card and get pro support.

 

[JamesBoag]

Thanks for the info, I will try this tomorrow.
I am of the understanding that if I Purge the mailboxes then I will lose them permanently.

Making a PST of the "boss" account is easy enough but the "delagate" has over 2 gig of mail.

If I complete steps 1 + 2 of your list above, then delete the 2 user accounts and their mailboxes, then re-create the new users, and then re-connect them to the mailboxes, will this have the same effect as steps 3,4,5 listed above?

Cheers

 

[xmsre]

1. You must set deleted mailbox retention first. This way you can recover the mailbox.

2. You don't have to delete the accounts, removing the exchange attributes is enough to clear the attributes in question.

3. When you recover and reconnect the mailbox, the new permissions [the contents of MSExchMailboxSecurityDescriptor] is propagated down the folder structure in the mailbox.

 

[JamesBoag]

Sorry about the delay in replying here XMSRE, and many thanks for your correspondance. Unfortunatly I still couldn't get the Ex box to allow "send as" to function for the 2 users.

I spoke to the guys who originally built the server and they told me about install problems with exchange2k, so that may be the reason. As a work around(didn't want to reload the whole thing)I added an extra pop account to the users Outlook client and configured it with her bosses email details, and then removed it from the send/recieve group so that she can simply send out via it when creating a new email on her bosses behalf.

Once again, thanks for your info.

Cheers