Summary: 1 item(s). 0 succeeded, 1 failed. Elapsed time: 00:00:09 Hi, I have exchange 2010 and migrated from 2003. Everything worked fine till now. I asked to add send as permission to a public folder. I used the 'Managed As Permissions' but this caused the below error. I tried to change the user name using the EMS to the full AD name but that as well got me the same error. I used the Administrator account and created another user and copied the Administrator account details called onladmin and the result is the same ONLINE\john Failed Error: Active Directory operation failed on ONLSRV12.online.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Any Help Thanks Magid The user has insufficient access rights. Exchange Management Shell command attempted: Add-ADPermission -Identity 'CN=Goods_in_OT,CN=Microsoft Exchange System Objects,DC=online,DC=com' -User 'ONLINE\john' -ExtendedRights 'Send-as' Elapsed Time: 00:00:09

Hi, Have a look into this article it might help : http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspxRipu Daman Mina | MCSE 2003 & MCSA Messaging

Hi, Thanks for your reply. I tried this documents and it didn't sort my problem. Any more suggestion

Hi, Here administrator mean member of exchange administration group?.You need to ADD the Role Group with the help of Get-RoleGroupMember "Public Folder Management", Please verify if the “Public Folder Management” role is associated with the account that you used Get-ManagementRoleAssignment -RoleAssignee Account | Ft -Wrap Please put the account into “Public Folder Management” role group, and see if the issue still occurs or not Ripu Daman Mina | MCSE 2003 & MCSA Messaging

As you’ve already known, “Add-ADPermission” cmdlet is required for granting the “Send As” permission The role that can run the cmdlet is the “Active Directory Permissions” role, so please verify if the administrator has the role (The role will be assigned if administrator is the account that is used to install the exchange) Get-managementRoleAssignment -RoleAssignee Administrator -Role “Active Directory Permissions” Resources: Active Directory Permissions RoleJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

I am sorry for thte late reply, we werer soooo busy Here is part of the details as it crash the web page everytime I paste the whole details [PS] C:\Windows\system32>Get-ManagementRoleAssignment -RoleAssignee Administrator | Ft -Wrap Name Role RoleAssigneeName RoleAssigneeType AssignmentMethod EffectiveUserNam e ---- ---- ---------------- ---------------- ---------------- ---------------- Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat Permissions gement s ing Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management Permissions gement s Address Lists-Organization Man Address Lists Organization Mana RoleGroup RoleGroup All Group Member agement-Delegating gement s Address Lists-Organization Man Address Lists Organization Mana RoleGroup RoleGroup All Group Member agement gement s ApplicationImpersonation-Organ ApplicationImpers Organization Mana RoleGroup RoleGroup All Group Member ization Management-Delegating onation gement s Audit Logs-Organization Manage Audit Logs Organization Mana RoleGroup RoleGroup All Group Member ment-Delegating gement s Audit Logs-Organization Manage Audit Logs Organization Mana RoleGroup RoleGroup All Group Member ment gement s Cmdlet Extension Agents-Organi Cmdlet Extension Organization Mana RoleGroup RoleGroup All Group Member zation Management-Delegating Agents gement s Cmdlet Extension Agents-Organi Cmdlet Extension Organization Mana RoleGroup RoleGroup All Group Member zation Management Agents gement s Database Availability Groups-O Database Availabi Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat lity Groups gement s ing Database Availability Groups-O Database Availabi Organization Mana RoleGroup RoleGroup All Group Member rganization Management lity Groups gement s Database Copies-Organization M Database Copies Organization Mana RoleGroup RoleGroup All Group Member anagement-Delegating gement s Database Copies-Organization M Database Copies Organization Mana RoleGroup RoleGroup All Group Member anagement gement s Databases-Organization Managem Databases Organization Mana RoleGroup RoleGroup All Group Member ent-Delegating gement s Databases-Organization Managem Databases Organization Mana RoleGroup RoleGroup All Group Member ent gement s Disaster Recovery-Organization Disaster Recovery Organization Mana RoleGroup RoleGroup All Group Member Management-Delegating gement s Disaster Recovery-Organization Disaster Recovery Organization Mana RoleGroup RoleGroup All Group Member Management gement s Distribution Groups-Organizati Distribution Grou Organization Mana RoleGroup RoleGroup All Group Member on Management-Delegating ps gement s Distribution Groups-Organizati Distribution Grou Organization Mana RoleGroup RoleGroup All Group Member on Management ps gement s Edge Subscriptions-Organizatio Edge Subscription Organization Mana RoleGroup RoleGroup All Group Member n Management-Delegating s gement s Edge Subscriptions-Organizatio Edge Subscription Organization Mana RoleGroup RoleGroup All Group Member n Management s gement s E-Mail Address Policies-Organi E-Mail Address Po Organization Mana RoleGroup RoleGroup All Group Member zation Management-Delegating licies gement s E-Mail Address Policies-Organi E-Mail Address Po Organization Mana RoleGroup RoleGroup All Group Member zation Management licies gement s Exchange Connectors-Organizati Exchange Connecto Organization Mana RoleGroup RoleGroup All Group Member on Management-Delegating rs gement s Exchange Connectors-Organizati Exchange Connecto Organization Mana RoleGroup RoleGroup All Group Member on Management rs gement s Exchange Server Certificates-O Exchange Server C Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat ertificates gement s ing Exchange Server Certificates-O Exchange Server C Organization Mana RoleGroup RoleGroup All Group Member rganization Management ertificates gement s Exchange Servers-Organization Exchange Servers Organization Mana RoleGroup RoleGroup All Group Member Management-Delegating gement s Exchange Servers-Organization Exchange Servers Organization Mana RoleGroup RoleGroup All Group Member Management gement s Exchange Virtual Directories-O Exchange Virtual Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat Directories gement s ing Exchange Virtual Directories-O Exchange Virtual Organization Mana RoleGroup RoleGroup All Group Member rganization Management Directories gement s Federated Sharing-Organization Federated Sharing Organization Mana RoleGroup RoleGroup All Group Member Management-Delegating gement s Federated Sharing-Organization Federated Sharing Organization Mana RoleGroup RoleGroup All Group Member Management gement s Information Rights Management- Information Right Organization Mana RoleGroup RoleGroup All Group Member Organization Management-Delega s Management gement s ting Information Rights Management- Information Right Organization Mana RoleGroup RoleGroup All Group Member Organization Management s Management gement s Journaling-Organization Manage Journaling Organization Mana RoleGroup RoleGroup All Group Member ment-Delegating gement s Journaling-Organization Manage Journaling Organization Mana RoleGroup RoleGroup All Group Member ment gement s Legal Hold-Organization Manage Legal Hold Organization Mana RoleGroup RoleGroup All Group Member ment-Delegating gement s Legal Hold-Organization Manage Legal Hold Organization Mana RoleGroup RoleGroup All Group Member ment gement s Mail Enabled Public Folders-Or Mail Enabled Publ Organization Mana RoleGroup RoleGroup All Group Member ganization Management-Delegati ic Folders gement s ng Mail Enabled Public Folders-Or Mail Enabled Publ Organization Mana RoleGroup RoleGroup All Group Member ganization Management ic Folders gement s Mail Recipient Creation-Organi Mail Recipient Cr Organization Mana RoleGroup RoleGroup All Group Member zation Management-Delegating eation gement s Mail Recipient Creation-Organi Mail Recipient Cr Organization Mana RoleGroup RoleGroup All Group Member zation Management eation gement s Mail Recipients-Organization M Mail Recipients Organization Mana RoleGroup RoleGroup All Group Member anagement-Delegating gement s Mail Recipients-Organization M Mail Recipients Organization Mana RoleGroup RoleGroup All Group Member anagement gement s Mail Tips-Organization Managem Mail Tips Organization Mana RoleGroup RoleGroup All Group Member ent-Delegating gement s Mail Tips-Organization Managem Mail Tips Organization Mana RoleGroup RoleGroup All Group Member ent gement s Mailbox Import Export-Organiza Mailbox Import Ex Organization Mana RoleGroup RoleGroup All Group Member tion Management-Delegating port gement s Mailbox Search-Organization Ma Mailbox Search Organization Mana RoleGroup RoleGroup All Group Member nagement-Delegating gement s Message Tracking-Organization Message Tracking Organization Mana RoleGroup RoleGroup All Group Member Management-Delegating gement s Message Tracking-Organization Message Tracking Organization Mana RoleGroup RoleGroup All Group Member Management gement s Migration-Organization Managem Migration Organization Mana RoleGroup RoleGroup All Group Member ent-Delegating gement s Migration-Organization Managem Migration Organization Mana RoleGroup RoleGroup All Group Member ent gement s Monitoring-Organization Manage Monitoring Organization Mana RoleGroup RoleGroup All Group Member ment-Delegating gement s Monitoring-Organization Manage Monitoring Organization Mana RoleGroup RoleGroup All Group Member ment gement s Move Mailboxes-Organization Ma Move Mailboxes Organization Mana RoleGroup RoleGroup All Group Member nagement-Delegating gement s Move Mailboxes-Organization Ma Move Mailboxes Organization Mana RoleGroup RoleGroup All Group Member nagement gement s Organization Client Access-Org Organization Clie Organization Mana RoleGroup RoleGroup All Group Member anization Management-Delegatin nt Access gement s g Organization Client Access-Org Organization Clie Organization Mana RoleGroup RoleGroup All Group Member anization Management nt Access gement s Organization Configuration-Org Organization Conf Organization Mana RoleGroup RoleGroup All Group Member anization Management-Delegatin iguration gement s g Organization Configuration-Org Organization Conf Organization Mana RoleGroup RoleGroup All Group Member anization Management iguration gement s Organization Transport Setting Organization Tran Organization Mana RoleGroup RoleGroup All Group Member s-Organization Management-Dele sport Settings gement s gati Organization Transport Setting Organization Tran Organization Mana RoleGroup RoleGroup All Group Member s-Organization Management sport Settings gement s POP3 And IMAP4 Protocols-Organ POP3 And IMAP4 Pr Organization Mana RoleGroup RoleGroup All Group Member ization Management-Delegating otocols gement s POP3 And IMAP4 Protocols-Organ POP3 And IMAP4 Pr Organization Mana RoleGroup RoleGroup All Group Member ization Management otocols gement s Public Folder Replication-Orga Public Folder Rep Organization Mana RoleGroup RoleGroup All Group Member nization Management-Delegating lication gement s Public Folder Replication-Orga Public Folder Rep Organization Mana RoleGroup RoleGroup All Group Member nization Management lication gement s Public Folders-Organization Ma Public Folders Organization Mana RoleGroup RoleGroup All Group Member nagement-Delegating gement s Public Folders-Organization Ma Public Folders Organization Mana RoleGroup RoleGroup All Group Member nagement gement s

thanks for your input here what you asked me to do [PS] C:\Windows\system32>Get-managementRoleAssignment -RoleAssignee Administrator -Role "Active Directory Permissions" | ft -wrap Name Role RoleAssigneeName RoleAssigneeType AssignmentMethod EffectiveUserNam e ---- ---- ---------------- ---------------- ---------------- ---------------- Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat Permissions gement s ing Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management Permissions gement s [PS] C:\Windows\system32>

thanks for your input here what you asked me to do [PS] C:\Windows\system32>Get-managementRoleAssignment -RoleAssignee Administrator -Role "Active Directory Permissions" | ft -wrap Name Role RoleAssigneeName RoleAssigneeType AssignmentMethod EffectiveUserNam e ---- ---- ---------------- ---------------- ---------------- ---------------- Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management-Delegat Permissions gement s ing Active Directory Permissions-O Active Directory Organization Mana RoleGroup RoleGroup All Group Member rganization Management Permissions gement s [PS] C:\Windows\system32> Any new information I am still having the same problem

In my case, I have 4 exchange 2010 servers. I had this problem. I used the solution of Magic174 and have checked that the ownership was other server. I connect to the PF from the owner server and I can set the permissions without problems.

I sort of tried Magic174's idea, except instead of changing the Owner, I went to the server that was the owner and was able to make the Send As permission change there no problem... Seems like an bug that you can only administer that permission from the server owner... I have a politically incorrect term I would like to insert here, but I won't.

Hi, in my case it was a HUB server. It was enough to connect to that HUB server, which was owner and run the script under its context. With regards Zbynk

This is truly a bug that MS should consider fixing. Why in gods name should an admin need to log into the mailbox server to administer Public Folder permissions like this?! I know MS has tried to kill off public folders bu this is borderline ridiculous! I was able to assign the send-as extendedrights only after logging into the mailbox server. What happened to distributed administration? Boo MS, fix this.

Although the Question is marked as answered, i'll post my 2 cents worth... Had a similar issue - in migrated environment (Exch2003->Exchn2010) when mail-enabling a PF, got the exact same error as Magic174. Obvoiusly, its a permissions issue. Digged around for a while and found, that it has nothing to doo with My accound (which had all the necessary permissions). But it had to do with Exchange server's permissions. What i found out, that Exchange Server group (the group Exchange 2010 Server account is in) had very-very limited permission on "Microsoft Exchange System Objects" OU. For example "Create Child objects" was missingand when Mail-Enable'ing a PF, an object for that PF is created in this OU. Seems to me, that Exchange Server was not able to create this object. When i added "Create Child objects" permission to "Exchange Servers" group, everityng suddenly worked just fine. I'ts not the exact same problem as posted by Magic174, but i believe that the root cause maybe the same - "Microsoft Exchange System Objects" OU's permissions are messed up.