Send As permissions - do not apply immediately
I grant user M Rocard “Full Access” and then “Send As” permissions to the mailbox of R Barre. Full Access: Add-MailboxPermission -id rbarre -user mrocard -AccessRights FullAccess -InheritanceType All Identity User AccessRights IsInherited Deny -------- ---- ------------ ----------- ---- contoso.com/... CONTOSO\mrocard {FullAccess} False False Let’s double-check: [PS] C:\>Get-MailboxPermission rbarre Identity User AccessRights IsInherited Deny -------- ---- ----------- ----------- ---- contoso.com/... NT AUTHORITY\SELF {FullAccess,... False False contoso.com/... CONTOSO\mrocard {FullAccess} False False Now, we’ll add “Send As” [PS] C:\>Add-ADPermission -id "Roger Barre" -user mrocard -AccessRights ExtendedRight -ExtendedRights "Send As" Identity User Deny Inherited Rights -------- ---- ---- --------- ------ contoso.com/... CONTOSO\mrocard False False Send-As ------------------------------------------------------------------ Note: -id rbarre -id rbarre@contoso.com Why don’t these work ? ---------------------------------------------------------------- Anyway, “Send As” fails. This was testing by M Rocard accessing the MBX of R Barre via OWA: http://4ccq3q.blu.livefilestore.com/y1pEIUhyiP94zpPpUv7RjhvbdWXtK-hbjufekfkndLi1yy3hU5pI76ah6l0g0yMIkTO9FwR_T-liQVioFLohKkSf3eTQuJXHYzK/SendAsPrb-2.JPG Yet, this confirms the correct settings http://4ccq3q.blu.livefilestore.com/y1po-9JeedhIE8ENLpou_p-0ngWFYFI7P9XsJVjTMEseci7NXO8Ye9SNIzOe5jzh8owEXQnXWAcasliuwaDqPnwMwmuOsgBZ3Ah/SendAsPrb-1.JPG Thinking I may have done something incorrectly, I removed the Send As permission and then added it in the EMC instead. This was the output: Add-ADPermission -Identity 'CN=Roger Barre,DC=contoso,DC=com' -User 'CONTOSO\mrocard' -ExtendedRights 'Send-as' It’s slightly different from the command I entered manually and presumbly correct. Send As fails all the same !!! I try all the following iisreset /noforce (doubtful) - FAIL Logged off and back on (not just in OWA but closed and re-opened Windows XP session) - FAIL Restarted Information Store and Service Host services This seems to work (message was finally sent and received). Why would you have to restart a service to make this work?
January 29th, 2010 12:19am

I believe forcing the AD replication should resolve the issue. Arun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2010 2:29pm

AD replication from a domain controller (global catalog?) to the Exchange server, right?As opposed to replication between domain controllers? If so, how would you force replication in this case (I know how to do it between domain controllers with AD Sites and Services, REPLMON or REPADMIN but not towards an Exchange server)? Otherwise, thank you for your input.
January 29th, 2010 11:52pm

AD replication from a domain controller (global catalog?) to the Exchange server, right?As opposed to replication between domain controllers? If so, how would you force replication in this case (I know how to do it between domain controllers with AD Sites and Services, REPLMON or REPADMIN but not towards an Exchange server)? Otherwise, thank you for your input. There is no AD to Exchange replication.I'm not sure if this is something that's cached offhand. If it is, it may take a couple hours for it to be effective. Active Directory, 4th Edition - www.briandesmond.com/ad4/
Free Windows Admin Tool Kit Click here and download it now
January 30th, 2010 9:00am

<There is no AD to Exchange replication>I will delete that post.
January 31st, 2010 10:33pm

If restarting the store magically fixed the problem, then it was the MBI cache that was causing the issue. The store caches some user account attributes that don't change very often to prevent unneeded hits to the AD.See also: http://support.microsoft.com/default.aspx/kb/293773-aseigler
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2010 3:31am

This problem is occured because Information Store use cache for store mailbox permission's configuration. The cache lifetime is 2 hour by default. You may force cache update by restart IS Service, or modify system Registry. Add following parameter in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem:Key Name: Mailbox Cache Age LimitKey Type: REG_DWORDValue: Maximum Cache Age time in minutes (in decimal). Then restart IS scervice.Note: Don't set value less then 15 minutes. This can take grave consequences to system perfomance.In this case you change cache life-time.Sorry for my English :) MVP Exchange Server from Russia http://okrylov.wordpress.com
February 1st, 2010 1:39pm

Oleg's suggestion will definately force the MSExchangeIS to refresh the cache information but i wouldn't recommend this setting to be go online forever.... Once the issue get resolve revert it to the default settings.Digging to these setting will impact on the performance for MSExchangeIS process on exchange server.The caches for AD object and Information Store increase performance of Exchange. Lowering this value may lead to poor performance because the Exchange Server will perform more Active Directory queries.If you set this value to 0, you turn off the Mailbox Cache. Microsoft does not recommend setting this value to 0 because DSAccess must perform more Active Directory lookups.Reference:Exchange 2000 and Exchange 2003 mailbox size limits are not enforced in a reasonable period of time; fix requires Exchange 2000 SP3http://support.microsoft.com/kb/327378/Exchange 2007 - Mailbox Size Limits Are Not Enforced in a Reasonable Period of Timehttp://technet.microsoft.com/en-us/library/bb684892.aspxArun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2010 5:14pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics