In a recent article I demonstrated how to grant send on behalf permissions for a distribution group in Exchange 2010.

In this article I’ll show you how to grand send as permissions for distribution groups in Exchange 2010. If you’re not sure what the difference is between “send as” and “send on behalf” it is as simple as this:

  • “Send on behalf” is when the email message has a From address of “Person A on behalf of Person B”. This is fairly common with executives and their assistants who send things like meeting invitations on the exec’s behalf.
  • “Send as” is when the message has a From address of Person B with no indication that it was actually sent by Person A. In other words this is more like impersonation, whereas “send on behalf” is more like delegation.

So let’s take a look at this scenario. Here we have Alannah Shaw, a member of the Payroll department, sending an email to Alan Reid and attempting to send as “Payroll Team”, which is a distribution group.

Exchange 2010: How to Grant Send As Permissions for a Distribution Group

The email is not delivered because Alannah does not have permissions to send as the Payroll Team group.

Exchange 2010: How to Grant Send As Permissions for a Distribution Group

Fortunately configuring “send as” permissions is not difficult at all. There are two ways to grant the permissions.

  • Grant send as permissions to a mailbox user (eg, grant Alannah Shaw permission to send as “Payroll Team”)
  • Grand send as permissions to a universal security group (eg grant “Payroll Team Leaders” permission to send as “Payroll Team”)

You can grant the permissions by using Active Directory Users & Computers. Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, and then tick the Send As box and apply the change.

Exchange 2010: How to Grant Send As Permissions for a Distribution Group

After making this change you may notice that it does not take effect for up to 2 hours. This is due to caching on the Exchange servers. Though you can speed up the change by restarting the Information Store that is obviously not going to be practical in most production environments, so you’ll often find that you just need to wait.

Once the change has taken effect the user can send as the distribution group.

Exchange 2010: How to Grant Send As Permissions for a Distribution Group

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. KJ

    Paul

    you are by far the best teacher when it comes to Exchange. Honestly, I have learnt so much from your courses on Pluralsight and and from your blogs

    My hats off to your knowledge!

  2. Vasu

    Hello All,

    could you please share power-shell (AD & EXC )KT via attachment.

    Thank you!

    Vasu.

  3. Pradip Goswami

    Hi ,

    I need to give send mail permission to a specific user for a Email distribution group. But when i am trying add him for that i could not see any security group configured for send as permission where i can put that user to get the access automatically. I check in AD as well as exchange management console. Can you please help me on this .

  4. hefedilano

    you saved my life!!! for some reason i thought just adding the users to use the DL in EMC will be enough

  5. Steven Freitas

    Hello Paul,

    I have found it fairly simple to create the DG in ADUC and granting a user rights to it but this is where it gets hard.
    1- since it was made in ADUC it doesn’t even have an email address.
    2- i cannot see this in the “From” in Outlook

    So i tough maybe i have to make the DG in Exchange, but in there i do not have the security option.
    However i am able to see this DG from exchange in the “From” in Outlook but when i try and send from it i get an issue with the permissions…

    What can i do?

    1. Avatar photo

      There’s a point of confusion here that gets a lot of people.

      A “Distribution Group” is a type of group in Active Directory.

      A “Mail-enabled Distribution Group” is an AD Distribution Group that has been enabled (in Exchange) with an email address and can be used to distribute email to the group members.

      We all refer to “Distribution Groups” in the general sense, but as Exchange admins what we really mean is “Mail-enabled Distribution Group”.

      The security/permissions need to either be configured via ADUC or using Add-ADPermission.

      1. Steven Freitas

        Yup, played around with it yesterday and got somewhere using the Exchange distribution groups and the shell command for Add-ADPermission.

        Still cant seem to make it work using the ADUC but its fine if i can just use another method, thank you for the guide tho.

  6. Maxim

    Hi,

    I recently added a new mailbox for a new user in exchange 2010 server and i added two email addresses with different domains @abc, @xyz in this mailbox. i want him to be able to choose between one of these two emails to send as “From” . Can you help me please

  7. Karthik.V

    HI,

    In my org, one of the user getting “Delivery has failed to these recipients or distribution lists”. I have checked in AD console.

    In that Distribution Account,user id is added and their having send as permission.
    Even though user not able to send mail from distribution list.

  8. Rae

    Hi,
    I’ve recently moved to a new laptop (new to me, not new) with Windows 7 and MS Outlook 2010 just like on my old laptop (almost). I am able to Send As using the Distro list on my old laptop and from my phone, but not the new laptop. The only difference I can see is that I do not have a user name on the new laptop. It was set up and given to me with just the admin log in, and I’ve continued to use it. Could this be the reason or is there some setting I’m missing (I set up the e-mail myself, tech support ain’t what it used to be at my company.) My old laptop is still working and I can still send from the Distro with no problem on it and my phone.

    This is causing me all kinds of problems because if I don’t do it just so, my messages sit in the Outbox forever. What do I need to do to get this working on the new laptop?

  9. Brianmel

    I Paul.
    I have an issue, we have a DG and it can receive and send mails.
    BUT! the only way to send an email without get the “no permission” mail is to look for the DG in the global address book.
    And when I find it, I see the name of the DG in the “send as” textbox. If I type the DG address I get the error, and the outlook only remember the address, not the the DG name in the address list.

    Example.
    send as: sales@domain.com —-> get error
    send as: DG- SALES —–> ok , but at the next email I send, outlook type sales@domain.com

    thanks!

  10. Sebastian

    Hi,

    I am wondering if it is possible to allow user to “send as” distribution group, when is not a member of it.

    The aim is to allow users to send as DR but not to be able to recieve replays (as only other group of members is receiving them).

    Thanks

      1. Sebastian

        Hi Paul,

        Thank you for coming back to me so quickly.

        Am I right to assume from your answer that the solution from this, yours article would be enough to achieve this? So I would just give “send as” permission to universal group of users who are not members of the Distribution Group and that would enable them to send as?

        Thanks

  11. Milan

    Hi,

    We use exch 2013 and we create some distro groups for send as alias..

    We got a trouble, becasue if the user wroted the group email the sending is okey, but if they choose the senders dropdown list, he get a message back fr postmaster “Some people is didnt get this email” or simmilar! But if he write again the group address is work fine for first time and in owa is work all time…

    Can u help us?

    Thanks, and sorry my bad english!

    Best Regards
    Milán

  12. Luka Romih

    Hi Paul, we’ve centralized our Exchange users from another forest and I’m not the domain admin on the centralized Exchange 2010 farm anymore like I was until the migration. Now I’d like to keep the option to set SendAs permissions for my users – we have a lot of needs for this. I’m able to “Manage Full Access Permission” but not the SendAs permissions anymore. Any idea how this could be solved for the whole OU so that 3 admins without domain admins rights could still have these permissions? Thanks.

  13. Jim

    Great Article, with good info.
    But,,,,, I have a problem. With enabling Send As for a DL, it only works in Outlook 2010 if you Delete the contents of the Users AppDataLocalMicrosoftOutlookOffline Address book. If the OAB has been updated, the User will get and NDN.

    Works fine when using OWA?????? Does not OWA use the same OAB?

    But it will work from Outlook Client if you delete the OAB from the Local Workstation.

    I have done the above mentioned removal of all check marks for Self, and removed all the check marks except “Send As” for the User.

    Any idea’s on were to look for a solution will be greatly appreciated.

  14. Navishkar Sadheo

    Thanks Paul for that useful article. Much appreciated

  15. Ed

    Hi Paul, we are running exchange server 2010 with Office 2010 32bit. on windows 7. One of our users just switched workstations, currently he is set up with send as permissions for one of our distribution groups, but for some reason on his new workstation it gives him a “You can’t send a message on behalf of this user unless you have permission to do so. ” bounce-back. what could cause him not to be able to send from one workstation verses another?

    Thanks,

    Ed

  16. SyKa

    Hi Paul,

    Glad I found your post which answered some of my questions. However, I have one question in particular. The scenario is as follows:

    Lets say I work for a company and have @company.com as my email address. While configuring Outlook 2010, it just asks me for the Exchange Server name and my name, and it is ready to send emails. What I do not understand is that I haven’t found a way to do the same using a customized script / program. Basically, I want to send emails to other colleagues in the company every day at a set time. I have made a small .NET program, but I have to manually enter (in the code) my username and password. While this is okay for now, I guess if I change my system password, the application will fail to send emails. Am i correct ? Also, is there a way to let the exchange server authenticate and send email and use my windows credentials without me having to explicitly add that in ?

    Any help / guidance you can provide will be greatly appreciated.

    Thanks,

    SyKa

  17. Steve

    This would not work unless I ONLY left “Send AS” checked for the user. If any other “Allow” right was checked the user could not send an email using the distribution lists email as the from address.

  18. dirka

    Hello.

    Just wanted to add a follow up to this topic since I had trouble with it.

    I did all the steps above for a Mail Enabled USG exchange 2010. Added 6 users to a DG and all would get NDR permission issues even after giving them all “send as” in the security tab of the DG.

    Like the other user above the following was true:
    – send as DG from owa = worked
    – send as DG from outlook 2010 (non-cached mode) = worked
    – send as DG from outlook 2010 (cached mode) = FAILED

    I rebuilt the OAB, and then had all 6 users delete their OAB files. Had them reboot and redownload the OAB and clear out their nk2 file and everything works now.

    Hope this helps.

  19. Robbie

    Just want to say thanks for each and every post. Every-time I have to troubleshoot Exchange issues, i find solution or at-least hint for the fix.
    Keep up the good work.

  20. LIORKALE

    Hi All
    after doing paul’s steps it doesnt work and we keep get NDR
    in order it to work go to security tab at group (check group at AD)
    under “Permissions for SELF” make sure to uncheck all other permissions !!!

  21. Redouane Sarra

    Hello,

    As a domain admin, i added a couple of Domain Admins Accounts to the Security tab of my account and set the “Send as” to deny to prevent them from sending emails as me in our Organization. But the problem is just after few minutes later the accounts disappeared from the Security tab of my account, so they could send emails as me !!

    Please help!

    Regards.

  22. gopi

    Hi Paul,

    Wonder will there be any difference on a mac outlook?

    1. Mike

      Hi gopi,
      Mac Outlook only lets you pick the “from” address from a list of accounts which your Outlook has been set up to send from. You can’t type into the “from” address field directly.
      To get Outlook(2011) to add the new address into that list – go to Tools -> Accounts… -> (Account) -> Delegates
      Under there, add the address into “Accounts I can send on behalf of” and it should work…

      Mike

  23. nelson9821

    I have a question,

    lets take an example,

    I have DL named XADM10, and it has 10 members.
    Now i give all ten members permission to send as XADM10@microsoft.com
    now here is the thing
    One member has used this send as xadm10@synowledge.com and sent a mail to all employee with an abusive content
    now as an admin how do i find who he/she is?

    Environment info:
    WE got e2k7SP3 Ru9 and there is no discovery search
    Audit log on DL will not give out put on send as (i mean as who sent it)
    Message header will give info about only the server and server ip not the workstation from which it is sent.

    Please guide me..

    Thanks
    Nelson

  24. Juan

    Hi Paul, I have two forest because we are in adquisition transition. Forest A, and B.
    i need to gran permission into a Distribution Group in Forest A to one user just migrated to Forest B.
    The idea is to do by power shell because i can´t see how to grant this permission in ADUC from Forest A.

    Could you help me with that? please, thank you in advance.

    Juan

    1. Juan

      More details: The group scope is: Universal
      The group type es: Distribution.

      Thanks

  25. Jaap Wesselius

    Hi Paul,

    i have been testing this as well and there’s something strange going on.
    USG, mail enabled, user J.Wesselius has Send-As permissions on USG, this is Exchange 2010 SP2.
    OWA works fine when sending as USG
    Outlook 2010 in online mode works fine when sending as USG;
    Outlook 2010 in cached mode does not work when sending as USG and a permissions error is sent back to the user saying “You can’t send a message on behalf of this user unless you have permission to do so”.

    I’m not sure whether this is an Outlook or an Exchange issue, but it’s not working 😉

    Cheers
    Jaap

  26. Ben

    Hi Paul, excellent article. If you have a moment, can you shed some light on why I cannot send from the group when it is hidden and if I can work around that? I had it working but, as soon as I hid the group from Exchange Address Lists it broke. Thanks so much

  27. Abdulaziz

    (( Dear TEAM )

    How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????

    Regards

  28. Kevin

    Hi Paul, This should be easy but it is not working for me. I can ‘send as’ the distribution group from OWA but not Outlook. I deleted the OAB files and restarted Outlook but still get an NDR. Any other suggestions? Thanks, Kevin

  29. Cam

    Hi Paul,

    I’ve executed the above exactly as mentioned and waited over the mentioned time period. However, I still do not have the ‘required permissions’ when selecting the desired distro group in From in Outlook. Do you’ve any idea why I’m still getting this? I simply wish to have 4 people send as a distro group (admin sec group granted send as permissions).

    1. Len

      I’m running into the same issue. I’ve followed these steps, and still when I try to send email as the DG, I get the undeliverable message. I’ve contacted Office365 support, and they are stumped too.

      Delivery has failed to these recipients or groups:

      You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

  30. Abdulaziz

    We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???

    1. Abdulaziz

      ++++++++
      We have on group name ( Sales Managers ) and we give (Send as) permission to this group member ( Accounts Managers) to send Emails using (Sales Managers ) Address ,,, Now we need to trace who sent the Emails ???
      ++++++++

      (( Dear TEAM )

      How I can trace the message which is sent via ( Send AS ) FROM ( Distribution List ) ????

      Regards

  31. captain_exchange

    hi Mr king exchange 😉

    its works for me but when i enable the cache on Outlook its fail.. mmm do u have any ideas plz ? i m struck
    i redld the OAB on the client no joys..

  32. Roger

    Hi Paul,

    There is already a send as permission of the following users but there is a problem when receiving mail to a group and a specific user at the same time. The specific user is also a member of a group, however, they need it to send on its mailbox as a reminder or to give attention. He/She can received email on the group email folder but no email from his/her inbox. How can we resolve this?

  33. joe

    Set up send as permission in dist group just as in the article, logged in as user was able to send one email then after that email delivered I loss permission, if I delete it from Outlook and then add it back I can send one email then I loss permission again???? Also there are many users in the dist group and they are not affected accounts have ben compared and permissions matched. Any thoughts anyone. Thanks in advance

  34. Neo78

    great article. For me everything works fine with the groups. one question though.

    how can i set the default address of the users to be the Distribution Group?

    ie. i have 10 users under sales@dimain.com everybody receives the emails To sales@domain.com and can send from it BUT they always have to select the FROM field.

    how can i change the FROM to always appear as the sales@domain.com?
    and if they want to change it to their personal?

    Thnx!

  35. Sitaram

    Hi, I have added my account to security permissions of a Distribution Group and grated “Send As” permissions. But still I am unable to send emails as the Distribution Group. The NDR says access denied. Any idea what could be wrong. I waited for more than a day after granting the permissions.

    I believe the perms are not syncing to Exchange. Is there anyway to verify this?

    Thanks,
    Sitaram

  36. Renato

    Hi Paul,

    I’m facing with this problem below;

    My user is @domain1.com and I want to send e-mail to Universal Distribution Group in another domain, but I can’t. May I need to created another send connectors?

    Thanks in advance,

    Renato from Brazil

      1. Renato

        I got error. I did not have permission.

  37. Adam

    been scratching my head on this

    Need to give a user the ability to send of behalf of rights to a bulk of users that are a member of a universal security group.

    Basically it needs to look like it came from: Heather Jones on behalf of John Smith.

    John Smith is a member of security Group all – company doctors.

    Any help is appreciated.

  38. abdulsalam lukman

    thanks man

  39. abdulsalam lukman

    Hi paul.
    I configured the distribution group for a user and gave the user SEND AS permission but when i log on to the user outlook and open new email to send using the distribution group created there is no FROM from the option..i only have To and CC option.

    thanks

    1. Joerg Renggli

      Wenn you open a new Mail in Outlook, choose the option tab and there it is…

  40. Manish Singh

    Also wanted to verify, is it mandatory for the SG to be mail enabled for the accesses to propagate?

    our current scenario is that we have given access via a SG to people but they are unable to use Send As permissions which is supposed to replicate via the SG..need your suggestion on this..

    Thanks

  41. Manish Singh

    Hi Paul, thanks for the above details..wanted some information, can we give access to users on the mailbox via security group..we have tested that but its not happeneing..now is it mandatory for the SG to be universal or Global also will do..we are testing that on the Global SG..

    thanks for your help

  42. Martin

    I do not appear to have the security tab on any of my Distribution groups? (Either Security or Distribution groups) Any ideas why?
    I can use the other article how to Send on behalf of sing the powershell, without issue, but nowhere canI find this tab.
    Help?

      1. Martin

        Yep I am looking in ADUC – the tab is def not there!

        1. Matt

          Thanks Paul!!!

      2. Martin

        Ahhh…got it, thank you!

        1. John Healy

          The ADVANCED FEATURES got me too. Thanks.

  43. James

    This is great, but do you know of if adding universal security groups to shared mailboxes would work too?

      1. Arun Joshi

        I am stucked in one problem. Few users are able to send mail on behalf of any users in my infra. I have checked send as permission but there is no permission defined for those users. We are using exchange 2007. can you please help me.

        1. tj

          hi paul,
          1. we are having some issues with our exchange 2010 server, first we renewed the ssl certificate, now the autodiscover is not working. now all the mac users and iphones are not connecting to our mail server.
          2. now i tried to configure imap to the mac users, but in some way it can only send on a certain amount of time. i saw some solutions on send as permission. using ADSIedit.msc, but it will only stay for a couple of minutes, what is the best way to make the send as permission permanent for those users, can you guide us on the steps.

          thanks

        2. Daniel Audette

          Hello,

          So I followed your suggestion of going into the email group in ADUG added advanced features. I then added both users and myself to the group. I then restarted the exchange information store. I was able to send as that group with my exchange account. I then logged in with the users account and tried sending as that group and comes up don’t have permissions to send as that group. Any ideas?

      2. d akula

        can you help me with powershell command line for the same.

Leave a Reply