In a recent article I demonstrated how to grant send on behalf permissions for a distribution group in Exchange 2010.
In this article I’ll show you how to grand send as permissions for distribution groups in Exchange 2010. If you’re not sure what the difference is between “send as” and “send on behalf” it is as simple as this:
- “Send on behalf” is when the email message has a From address of “Person A on behalf of Person B”. This is fairly common with executives and their assistants who send things like meeting invitations on the exec’s behalf.
- “Send as” is when the message has a From address of Person B with no indication that it was actually sent by Person A. In other words this is more like impersonation, whereas “send on behalf” is more like delegation.
So let’s take a look at this scenario. Here we have Alannah Shaw, a member of the Payroll department, sending an email to Alan Reid and attempting to send as “Payroll Team”, which is a distribution group.
The email is not delivered because Alannah does not have permissions to send as the Payroll Team group.
Fortunately configuring “send as” permissions is not difficult at all. There are two ways to grant the permissions.
- Grant send as permissions to a mailbox user (eg, grant Alannah Shaw permission to send as “Payroll Team”)
- Grand send as permissions to a universal security group (eg grant “Payroll Team Leaders” permission to send as “Payroll Team”)
You can grant the permissions by using Active Directory Users & Computers. Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, and then tick the Send As box and apply the change.
After making this change you may notice that it does not take effect for up to 2 hours. This is due to caching on the Exchange servers. Though you can speed up the change by restarting the Information Store that is obviously not going to be practical in most production environments, so you’ll often find that you just need to wait.
Once the change has taken effect the user can send as the distribution group.
Paul
you are by far the best teacher when it comes to Exchange. Honestly, I have learnt so much from your courses on Pluralsight and and from your blogs
My hats off to your knowledge!
Hello All,
could you please share power-shell (AD & EXC )KT via attachment.
Thank you!
Vasu.
Hi ,
I need to give send mail permission to a specific user for a Email distribution group. But when i am trying add him for that i could not see any security group configured for send as permission where i can put that user to get the access automatically. I check in AD as well as exchange management console. Can you please help me on this .
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
If you haven’t already created a security group and granted that group Send-As permissions for the email distribution group, then you would need to do those steps first. Or you can just grant the user Send-As permissions for the email distribution group.
you saved my life!!! for some reason i thought just adding the users to use the DL in EMC will be enough
Hello Paul,
I have found it fairly simple to create the DG in ADUC and granting a user rights to it but this is where it gets hard.
1- since it was made in ADUC it doesn’t even have an email address.
2- i cannot see this in the “From” in Outlook
So i tough maybe i have to make the DG in Exchange, but in there i do not have the security option.
However i am able to see this DG from exchange in the “From” in Outlook but when i try and send from it i get an issue with the permissions…
What can i do?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
There’s a point of confusion here that gets a lot of people.
A “Distribution Group” is a type of group in Active Directory.
A “Mail-enabled Distribution Group” is an AD Distribution Group that has been enabled (in Exchange) with an email address and can be used to distribute email to the group members.
We all refer to “Distribution Groups” in the general sense, but as Exchange admins what we really mean is “Mail-enabled Distribution Group”.
The security/permissions need to either be configured via ADUC or using Add-ADPermission.
Yup, played around with it yesterday and got somewhere using the Exchange distribution groups and the shell command for Add-ADPermission.
Still cant seem to make it work using the ADUC but its fine if i can just use another method, thank you for the guide tho.
Hi,
I recently added a new mailbox for a new user in exchange 2010 server and i added two email addresses with different domains @abc, @xyz in this mailbox. i want him to be able to choose between one of these two emails to send as “From” . Can you help me please
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Exchange and Outlook don’t allow you to do that. The only way to do it is to use a shared mailbox for each of the different email addresses, and configure send-as permissions.
HI,
In my org, one of the user getting “Delivery has failed to these recipients or distribution lists”. I have checked in AD console.
In that Distribution Account,user id is added and their having send as permission.
Even though user not able to send mail from distribution list.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
When you receive a delivery failure notice, or non-delivery report, it will include a reason why delivery failed. Unless you can share that information here, I can’t help you.
Hi,
I’ve recently moved to a new laptop (new to me, not new) with Windows 7 and MS Outlook 2010 just like on my old laptop (almost). I am able to Send As using the Distro list on my old laptop and from my phone, but not the new laptop. The only difference I can see is that I do not have a user name on the new laptop. It was set up and given to me with just the admin log in, and I’ve continued to use it. Could this be the reason or is there some setting I’m missing (I set up the e-mail myself, tech support ain’t what it used to be at my company.) My old laptop is still working and I can still send from the Distro with no problem on it and my phone.
This is causing me all kinds of problems because if I don’t do it just so, my messages sit in the Outbox forever. What do I need to do to get this working on the new laptop?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Logging in with your own account would be a good start. Go talk to your IT support people about this, they’ll be able to help you with the details.
I Paul.
I have an issue, we have a DG and it can receive and send mails.
BUT! the only way to send an email without get the “no permission” mail is to look for the DG in the global address book.
And when I find it, I see the name of the DG in the “send as” textbox. If I type the DG address I get the error, and the outlook only remember the address, not the the DG name in the address list.
Example.
send as: sales@domain.com —-> get error
send as: DG- SALES —–> ok , but at the next email I send, outlook type sales@domain.com
thanks!
Hi,
I am wondering if it is possible to allow user to “send as” distribution group, when is not a member of it.
The aim is to allow users to send as DR but not to be able to recieve replays (as only other group of members is receiving them).
Thanks
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Yes.
Hi Paul,
Thank you for coming back to me so quickly.
Am I right to assume from your answer that the solution from this, yours article would be enough to achieve this? So I would just give “send as” permission to universal group of users who are not members of the Distribution Group and that would enable them to send as?
Thanks
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
I assume so. I haven’t tried it lately and can’t remember if there’s anything else to consider. So give it a go and see whether it works.
Pingback: How to Grant Send As Permissions for a Distribution Group | Seolito's Blog
Hi Guys,
I am looking for some help with this issue I have had up on the TechNet forums for over a year now. Any help to fix this annoying issue would be greatly appreciated.
https://social.technet.microsoft.com/Forums/en-US/ce75b889-c76a-42e9-b61f-ff5be35fcee5/send-as-permission-works-for-one-email?forum=exchange2010
The person who helps solve this could be entered into a draw to win a brand new car!
Thanks
Pingback: 2015 18 | IT записки
Hi,
We use exch 2013 and we create some distro groups for send as alias..
We got a trouble, becasue if the user wroted the group email the sending is okey, but if they choose the senders dropdown list, he get a message back fr postmaster “Some people is didnt get this email” or simmilar! But if he write again the group address is work fine for first time and in owa is work all time…
Can u help us?
Thanks, and sorry my bad english!
Best Regards
Milán
Hi Paul, we’ve centralized our Exchange users from another forest and I’m not the domain admin on the centralized Exchange 2010 farm anymore like I was until the migration. Now I’d like to keep the option to set SendAs permissions for my users – we have a lot of needs for this. I’m able to “Manage Full Access Permission” but not the SendAs permissions anymore. Any idea how this could be solved for the whole OU so that 3 admins without domain admins rights could still have these permissions? Thanks.
Great Article, with good info.
But,,,,, I have a problem. With enabling Send As for a DL, it only works in Outlook 2010 if you Delete the contents of the Users AppDataLocalMicrosoftOutlookOffline Address book. If the OAB has been updated, the User will get and NDN.
Works fine when using OWA?????? Does not OWA use the same OAB?
But it will work from Outlook Client if you delete the OAB from the Local Workstation.
I have done the above mentioned removal of all check marks for Self, and removed all the check marks except “Send As” for the User.
Any idea’s on were to look for a solution will be greatly appreciated.
Thanks Paul for that useful article. Much appreciated
Hi Paul, we are running exchange server 2010 with Office 2010 32bit. on windows 7. One of our users just switched workstations, currently he is set up with send as permissions for one of our distribution groups, but for some reason on his new workstation it gives him a “You can’t send a message on behalf of this user unless you have permission to do so. ” bounce-back. what could cause him not to be able to send from one workstation verses another?
Thanks,
Ed
Pingback: investasi mmm indonesia
Hi Paul,
Glad I found your post which answered some of my questions. However, I have one question in particular. The scenario is as follows:
Lets say I work for a company and have @company.com as my email address. While configuring Outlook 2010, it just asks me for the Exchange Server name and my name, and it is ready to send emails. What I do not understand is that I haven’t found a way to do the same using a customized script / program. Basically, I want to send emails to other colleagues in the company every day at a set time. I have made a small .NET program, but I have to manually enter (in the code) my username and password. While this is okay for now, I guess if I change my system password, the application will fail to send emails. Am i correct ? Also, is there a way to let the exchange server authenticate and send email and use my windows credentials without me having to explicitly add that in ?
Any help / guidance you can provide will be greatly appreciated.
Thanks,
SyKa
This would not work unless I ONLY left “Send AS” checked for the user. If any other “Allow” right was checked the user could not send an email using the distribution lists email as the from address.
Hello.
Just wanted to add a follow up to this topic since I had trouble with it.
I did all the steps above for a Mail Enabled USG exchange 2010. Added 6 users to a DG and all would get NDR permission issues even after giving them all “send as” in the security tab of the DG.
Like the other user above the following was true:
– send as DG from owa = worked
– send as DG from outlook 2010 (non-cached mode) = worked
– send as DG from outlook 2010 (cached mode) = FAILED
I rebuilt the OAB, and then had all 6 users delete their OAB files. Had them reboot and redownload the OAB and clear out their nk2 file and everything works now.
Hope this helps.
Just want to say thanks for each and every post. Every-time I have to troubleshoot Exchange issues, i find solution or at-least hint for the fix.
Keep up the good work.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Thanks for the feedback. Glad you’re finding the site useful.
Hi All
after doing paul’s steps it doesnt work and we keep get NDR
in order it to work go to security tab at group (check group at AD)
under “Permissions for SELF” make sure to uncheck all other permissions !!!
Hello,
As a domain admin, i added a couple of Domain Admins Accounts to the Security tab of my account and set the “Send as” to deny to prevent them from sending emails as me in our Organization. But the problem is just after few minutes later the accounts disappeared from the Security tab of my account, so they could send emails as me !!
Please help!
Regards.
Hi Paul,
Wonder will there be any difference on a mac outlook?
Hi gopi,
Mac Outlook only lets you pick the “from” address from a list of accounts which your Outlook has been set up to send from. You can’t type into the “from” address field directly.
To get Outlook(2011) to add the new address into that list – go to Tools -> Accounts… -> (Account) -> Delegates
Under there, add the address into “Accounts I can send on behalf of” and it should work…
Mike
I have a question,
lets take an example,
I have DL named XADM10, and it has 10 members.
Now i give all ten members permission to send as XADM10@microsoft.com
now here is the thing
One member has used this send as xadm10@synowledge.com and sent a mail to all employee with an abusive content
now as an admin how do i find who he/she is?
Environment info:
WE got e2k7SP3 Ru9 and there is no discovery search
Audit log on DL will not give out put on send as (i mean as who sent it)
Message header will give info about only the server and server ip not the workstation from which it is sent.
Please guide me..
Thanks
Nelson
Hi Paul, I have two forest because we are in adquisition transition. Forest A, and B.
i need to gran permission into a Distribution Group in Forest A to one user just migrated to Forest B.
The idea is to do by power shell because i can´t see how to grant this permission in ADUC from Forest A.
Could you help me with that? please, thank you in advance.
Juan
More details: The group scope is: Universal
The group type es: Distribution.
Thanks
Pingback: Exchange 2010: Send on Behalf of a Distribution Group « Steve Hardie.com
Hi Paul,
i have been testing this as well and there’s something strange going on.
USG, mail enabled, user J.Wesselius has Send-As permissions on USG, this is Exchange 2010 SP2.
OWA works fine when sending as USG
Outlook 2010 in online mode works fine when sending as USG;
Outlook 2010 in cached mode does not work when sending as USG and a permissions error is sent back to the user saying “You can’t send a message on behalf of this user unless you have permission to do so”.
I’m not sure whether this is an Outlook or an Exchange issue, but it’s not working 😉
Cheers
Jaap
Hi Paul, excellent article. If you have a moment, can you shed some light on why I cannot send from the group when it is hidden and if I can work around that? I had it working but, as soon as I hid the group from Exchange Address Lists it broke. Thanks so much
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
I guess Outlook can’t resolve it when its hidden from the GAL. Makes sense to me that it wouldn’t work.
(( Dear TEAM )
How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????
Regards
Hi Paul, This should be easy but it is not working for me. I can ‘send as’ the distribution group from OWA but not Outlook. I deleted the OAB files and restarted Outlook but still get an NDR. Any other suggestions? Thanks, Kevin
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
I can’t think of any reason why it wouldn’t work other than the group being the wrong type.
Hi Paul,
I’ve executed the above exactly as mentioned and waited over the mentioned time period. However, I still do not have the ‘required permissions’ when selecting the desired distro group in From in Outlook. Do you’ve any idea why I’m still getting this? I simply wish to have 4 people send as a distro group (admin sec group granted send as permissions).
I’m running into the same issue. I’ve followed these steps, and still when I try to send email as the DG, I get the undeliverable message. I’ve contacted Office365 support, and they are stumped too.
Delivery has failed to these recipients or groups:
You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
The tutorial was written for on-premise. Frankly I have no idea if it will work the same in Office 365. However, you should check whether you’ve granted both Send As and Send on Behalf, because that doesn’t work. You can only grant one or the other. If both are granted then problems like this can occur.
We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???
++++++++
We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???
++++++++
(( Dear TEAM )
How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????
Regards
hi Mr king exchange 😉
its works for me but when i enable the cache on Outlook its fail.. mmm do u have any ideas plz ? i m struck
i redld the OAB on the client no joys..
Hi Paul,
There is already a send as permission of the following users but there is a problem when receiving mail to a group and a specific user at the same time. The specific user is also a member of a group, however, they need it to send on its mailbox as a reminder or to give attention. He/She can received email on the group email folder but no email from his/her inbox. How can we resolve this?
Set up send as permission in dist group just as in the article, logged in as user was able to send one email then after that email delivered I loss permission, if I delete it from Outlook and then add it back I can send one email then I loss permission again???? Also there are many users in the dist group and they are not affected accounts have ben compared and permissions matched. Any thoughts anyone. Thanks in advance
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
What do you mean by this? “f I delete it from Outlook and then add it back”
Have you checked that the group is a Universal Security group?
If the group you are sending from is hidden you would have this issue. To work around this issue you have to click “from” each time then select other email address and type it in…. I think the cached distribution lists that show up under “from” do not work if they are hidden form the gal.
http://social.technet.microsoft.com/Forums/nl-NL/exchange2010/thread/cdb42fe0-47b4-4b1c-a647-952ec7d9f324
great article. For me everything works fine with the groups. one question though.
how can i set the default address of the users to be the Distribution Group?
ie. i have 10 users under sales@dimain.com everybody receives the emails To sales@domain.com and can send from it BUT they always have to select the FROM field.
how can i change the FROM to always appear as the sales@domain.com?
and if they want to change it to their personal?
Thnx!
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
That is just how Outlook behaves and I don’t know of a way to change it I’m afraid.
Hi, I have added my account to security permissions of a Distribution Group and grated “Send As” permissions. But still I am unable to send emails as the Distribution Group. The NDR says access denied. Any idea what could be wrong. I waited for more than a day after granting the permissions.
I believe the perms are not syncing to Exchange. Is there anyway to verify this?
Thanks,
Sitaram
Hi Paul,
I’m facing with this problem below;
My user is @domain1.com and I want to send e-mail to Universal Distribution Group in another domain, but I can’t. May I need to created another send connectors?
Thanks in advance,
Renato from Brazil
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
What do you mean by “can’t”? Do you get an error or an NDR of some kind?
I got error. I did not have permission.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Can you please provide the exact error message.
been scratching my head on this
Need to give a user the ability to send of behalf of rights to a bulk of users that are a member of a universal security group.
Basically it needs to look like it came from: Heather Jones on behalf of John Smith.
John Smith is a member of security Group all – company doctors.
Any help is appreciated.
thanks man
Hi paul.
I configured the distribution group for a user and gave the user SEND AS permission but when i log on to the user outlook and open new email to send using the distribution group created there is no FROM from the option..i only have To and CC option.
thanks
Wenn you open a new Mail in Outlook, choose the option tab and there it is…
Also wanted to verify, is it mandatory for the SG to be mail enabled for the accesses to propagate?
our current scenario is that we have given access via a SG to people but they are unable to use Send As permissions which is supposed to replicate via the SG..need your suggestion on this..
Thanks
Hi Paul, thanks for the above details..wanted some information, can we give access to users on the mailbox via security group..we have tested that but its not happeneing..now is it mandatory for the SG to be universal or Global also will do..we are testing that on the Global SG..
thanks for your help
Pingback: Antonio Arienzo the blog
I do not appear to have the security tab on any of my Distribution groups? (Either Security or Distribution groups) Any ideas why?
I can use the other article how to Send on behalf of sing the powershell, without issue, but nowhere canI find this tab.
Help?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Are you looking in Active Directory Users & Computers or in the Exchange Management Console?
The Security tab is only available in ADUC.
Yep I am looking in ADUC – the tab is def not there!
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
In ADUC go to View menu and enable Advanced Features.
Thanks Paul!!!
Ahhh…got it, thank you!
The ADVANCED FEATURES got me too. Thanks.
This is great, but do you know of if adding universal security groups to shared mailboxes would work too?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Yes you can grant permissions to mailboxes using Universal security groups.
I am stucked in one problem. Few users are able to send mail on behalf of any users in my infra. I have checked send as permission but there is no permission defined for those users. We are using exchange 2007. can you please help me.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Hi Arun, perhaps the permissions have been granted at a higher level (database, information store, server, org) instead of on each mailbox.
I suggest opening ADSIEdit.msc, connect to the Configuration container, and look at the permissions on your Exchange objects and containers.
hi paul,
1. we are having some issues with our exchange 2010 server, first we renewed the ssl certificate, now the autodiscover is not working. now all the mac users and iphones are not connecting to our mail server.
2. now i tried to configure imap to the mac users, but in some way it can only send on a certain amount of time. i saw some solutions on send as permission. using ADSIedit.msc, but it will only stay for a couple of minutes, what is the best way to make the send as permission permanent for those users, can you guide us on the steps.
thanks
Hello,
So I followed your suggestion of going into the email group in ADUG added advanced features. I then added both users and myself to the group. I then restarted the exchange information store. I was able to send as that group with my exchange account. I then logged in with the users account and tried sending as that group and comes up don’t have permissions to send as that group. Any ideas?
can you help me with powershell command line for the same.