In a recent article I demonstrated how to grant send on behalf permissions for a distribution group in Exchange 2010.
In this article I’ll show you how to grand send as permissions for distribution groups in Exchange 2010. If you’re not sure what the difference is between “send as” and “send on behalf” it is as simple as this:
- “Send on behalf” is when the email message has a From address of “Person A on behalf of Person B”. This is fairly common with executives and their assistants who send things like meeting invitations on the exec’s behalf.
- “Send as” is when the message has a From address of Person B with no indication that it was actually sent by Person A. In other words this is more like impersonation, whereas “send on behalf” is more like delegation.
So let’s take a look at this scenario. Here we have Alannah Shaw, a member of the Payroll department, sending an email to Alan Reid and attempting to send as “Payroll Team”, which is a distribution group.
The email is not delivered because Alannah does not have permissions to send as the Payroll Team group.
Fortunately configuring “send as” permissions is not difficult at all. There are two ways to grant the permissions.
- Grant send as permissions to a mailbox user (eg, grant Alannah Shaw permission to send as “Payroll Team”)
- Grand send as permissions to a universal security group (eg grant “Payroll Team Leaders” permission to send as “Payroll Team”)
You can grant the permissions by using Active Directory Users & Computers. Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, and then tick the Send As box and apply the change.
After making this change you may notice that it does not take effect for up to 2 hours. This is due to caching on the Exchange servers. Though you can speed up the change by restarting the Information Store that is obviously not going to be practical in most production environments, so you’ll often find that you just need to wait.
Once the change has taken effect the user can send as the distribution group.
About Paul Cunningham
This is great, but do you know of if adding universal security groups to shared mailboxes would work too?
Yes you can grant permissions to mailboxes using Universal security groups.
I am stucked in one problem. Few users are able to send mail on behalf of any users in my infra. I have checked send as permission but there is no permission defined for those users. We are using exchange 2007. can you please help me.
Hi Arun, perhaps the permissions have been granted at a higher level (database, information store, server, org) instead of on each mailbox.
I suggest opening ADSIEdit.msc, connect to the Configuration container, and look at the permissions on your Exchange objects and containers.
I do not appear to have the security tab on any of my Distribution groups? (Either Security or Distribution groups) Any ideas why?
I can use the other article how to Send on behalf of sing the powershell, without issue, but nowhere canI find this tab.
Help?
Are you looking in Active Directory Users & Computers or in the Exchange Management Console?
The Security tab is only available in ADUC.
Yep I am looking in ADUC – the tab is def not there!
In ADUC go to View menu and enable Advanced Features.
Ahhh…got it, thank you!
Hi Paul, thanks for the above details..wanted some information, can we give access to users on the mailbox via security group..we have tested that but its not happeneing..now is it mandatory for the SG to be universal or Global also will do..we are testing that on the Global SG..
thanks for your help
Also wanted to verify, is it mandatory for the SG to be mail enabled for the accesses to propagate?
our current scenario is that we have given access via a SG to people but they are unable to use Send As permissions which is supposed to replicate via the SG..need your suggestion on this..
Thanks
Hi paul.
I configured the distribution group for a user and gave the user SEND AS permission but when i log on to the user outlook and open new email to send using the distribution group created there is no FROM from the option..i only have To and CC option.
thanks
Wenn you open a new Mail in Outlook, choose the option tab and there it is…
thanks man
been scratching my head on this
Need to give a user the ability to send of behalf of rights to a bulk of users that are a member of a universal security group.
Basically it needs to look like it came from: Heather Jones on behalf of John Smith.
John Smith is a member of security Group all – company doctors.
Any help is appreciated.
Hi Paul,
I’m facing with this problem below;
My user is @domain1.com and I want to send e-mail to Universal Distribution Group in another domain, but I can’t. May I need to created another send connectors?
Thanks in advance,
Renato from Brazil
What do you mean by “can’t”? Do you get an error or an NDR of some kind?
I got error. I did not have permission.
Can you please provide the exact error message.
Hi, I have added my account to security permissions of a Distribution Group and grated “Send As” permissions. But still I am unable to send emails as the Distribution Group. The NDR says access denied. Any idea what could be wrong. I waited for more than a day after granting the permissions.
I believe the perms are not syncing to Exchange. Is there anyway to verify this?
Thanks,
Sitaram
great article. For me everything works fine with the groups. one question though.
how can i set the default address of the users to be the Distribution Group?
ie. i have 10 users under sales@dimain.com everybody receives the emails To sales@domain.com and can send from it BUT they always have to select the FROM field.
how can i change the FROM to always appear as the sales@domain.com?
and if they want to change it to their personal?
Thnx!
That is just how Outlook behaves and I don’t know of a way to change it I’m afraid.
Set up send as permission in dist group just as in the article, logged in as user was able to send one email then after that email delivered I loss permission, if I delete it from Outlook and then add it back I can send one email then I loss permission again???? Also there are many users in the dist group and they are not affected accounts have ben compared and permissions matched. Any thoughts anyone. Thanks in advance
What do you mean by this? “f I delete it from Outlook and then add it back”
Have you checked that the group is a Universal Security group?
If the group you are sending from is hidden you would have this issue. To work around this issue you have to click “from” each time then select other email address and type it in…. I think the cached distribution lists that show up under “from” do not work if they are hidden form the gal.
http://social.technet.microsoft.com/Forums/nl-NL/exchange2010/thread/cdb42fe0-47b4-4b1c-a647-952ec7d9f324
Hi Paul,
There is already a send as permission of the following users but there is a problem when receiving mail to a group and a specific user at the same time. The specific user is also a member of a group, however, they need it to send on its mailbox as a reminder or to give attention. He/She can received email on the group email folder but no email from his/her inbox. How can we resolve this?
hi Mr king exchange
its works for me but when i enable the cache on Outlook its fail.. mmm do u have any ideas plz ? i m struck
i redld the OAB on the client no joys..
We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???
++++++++
We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???
++++++++
(( Dear TEAM )
How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????
Regards
Hi Paul,
I’ve executed the above exactly as mentioned and waited over the mentioned time period. However, I still do not have the ‘required permissions’ when selecting the desired distro group in From in Outlook. Do you’ve any idea why I’m still getting this? I simply wish to have 4 people send as a distro group (admin sec group granted send as permissions).
I’m running into the same issue. I’ve followed these steps, and still when I try to send email as the DG, I get the undeliverable message. I’ve contacted Office365 support, and they are stumped too.
Delivery has failed to these recipients or groups:
You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
The tutorial was written for on-premise. Frankly I have no idea if it will work the same in Office 365. However, you should check whether you’ve granted both Send As and Send on Behalf, because that doesn’t work. You can only grant one or the other. If both are granted then problems like this can occur.
Hi Paul, This should be easy but it is not working for me. I can ‘send as’ the distribution group from OWA but not Outlook. I deleted the OAB files and restarted Outlook but still get an NDR. Any other suggestions? Thanks, Kevin
I can’t think of any reason why it wouldn’t work other than the group being the wrong type.
(( Dear TEAM )
How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????
Regards
Hi Paul, excellent article. If you have a moment, can you shed some light on why I cannot send from the group when it is hidden and if I can work around that? I had it working but, as soon as I hid the group from Exchange Address Lists it broke. Thanks so much
I guess Outlook can’t resolve it when its hidden from the GAL. Makes sense to me that it wouldn’t work.
Hi Paul,
i have been testing this as well and there’s something strange going on.
USG, mail enabled, user J.Wesselius has Send-As permissions on USG, this is Exchange 2010 SP2.
OWA works fine when sending as USG
Outlook 2010 in online mode works fine when sending as USG;
Outlook 2010 in cached mode does not work when sending as USG and a permissions error is sent back to the user saying “You can’t send a message on behalf of this user unless you have permission to do so”.
I’m not sure whether this is an Outlook or an Exchange issue, but it’s not working
Cheers
Jaap
Hi Paul, I have two forest because we are in adquisition transition. Forest A, and B.
i need to gran permission into a Distribution Group in Forest A to one user just migrated to Forest B.
The idea is to do by power shell because i canĀ“t see how to grant this permission in ADUC from Forest A.
Could you help me with that? please, thank you in advance.
Juan
More details: The group scope is: Universal
The group type es: Distribution.
Thanks
I have a question,
lets take an example,
I have DL named XADM10, and it has 10 members.
Now i give all ten members permission to send as XADM10@microsoft.com
now here is the thing
One member has used this send as xadm10@synowledge.com and sent a mail to all employee with an abusive content
now as an admin how do i find who he/she is?
Environment info:
WE got e2k7SP3 Ru9 and there is no discovery search
Audit log on DL will not give out put on send as (i mean as who sent it)
Message header will give info about only the server and server ip not the workstation from which it is sent.
Please guide me..
Thanks
Nelson