17 December 2021

Microsoft.Exchange.Data.Storage.SendAsDeniedException: Can't transport send message - Set Send-As permission for on-prem mailbox

Unable to send as from on-prem as an Exchange Online user? Chances are that your access rights aren't set up correctly.

First of all, there is a known issue regarding "Send-As" and "Send on behalf" in Exchange Online:

Can't manage "Send as" and "Send on behalf" permissions for Exchange Online users in an on-premises hybrid environment
Exchange Online
Symptoms

You can’t find a user who was migrated to Exchange Online in the People Picker in the Exchange Admin Center (EAC). Additionally, the "Send as" and "Send on behalf" permissions can’t be added for legacy dedicated or on-premises mailboxes.
Cause

After mailboxes are moved from the on-premises environment to Exchange Online, they are represented as Remote Mailboxes. These remote mailboxes are not displayed in the EAC People Picker.
Workaround

This issue is being investigated by Microsoft. To work around this issue, run the following Remote PowerShell cmdlets to add these permissions:

"Send as" permission: Add-ADPermission

"Send on behalf" permission: Set-Mailbox


How to get around this?

Connect to Exchange Online PowerShell and run the following:
Add-RecipientPermission -Identity sharedmailbox@domain.nl -Trustee firstname.Lastname@domain.nl -AccessRights SendAs

Confirm
Are you sure you want to perform this action?
Adding recipient permission 'SendAs' for user or group 'Firstname.Lastname@domain.nl' on recipient
Identity:'sharedmailbox@domain.nl'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): A

Identity Trustee                     AccessControlType AccessRights Inherited
-------- -------                     ----------------- ------------ ---------
Klic     Lastname, Firstname (50439) Allow             {SendAs}     False

Check your settings:
Get-RecipientPermission -Identity sharedmailbox@domain.nl

Identity Trustee                      AccessControlType AccessRights Inherited
-------- -------                      ----------------- ------------ ---------
Klic     NT AUTHORITY\SELF            Allow             {SendAs}     False
Klic     Some.User@domain.nl          Allow             {SendAs}     False
Klic     Firstname.Lastname@domain.nl Allow             {SendAs}     False

And for a security group:
Add-RecipientPermission -Identity sharedmailbox@domain.nl -Trustee YourSecurityGroupName -AccessRights sendas

Confirm
Are you sure you want to perform this action?
Adding recipient permission 'SendAs' for user or group 'sm.klic' on recipient Identity:'klic.klicdomain@domain.nl'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): A

Identity Trustee               AccessControlType AccessRights Inherited
-------- --------------------- ----------------- ------------ ---------
Klic     YourSecurityGroupName Allow             {SendAs}     False
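
Send As lets the trustee send mail that appears to come from the mailbox itself, so the list of grants is worth reviewing after every change. The following is an added example, not part of the original post: a hypothetical helper, Test-SendAsGrant, that classifies each entry returned by Get-RecipientPermission against an approved list. The function name, the allow-list and the sample objects are assumptions made for illustration.

```powershell
# Added example: classify Send As grants against an approved list.
function Test-SendAsGrant {
    [CmdletBinding()]
    param(
        # Permission entries shaped like Get-RecipientPermission output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Permission,

        # Hypothetical allow-list; use the trustee form the cmdlet returns.
        [Parameter(Mandatory)]
        [string[]]$ApprovedTrustee
    )
    process {
        # Only Allow entries that carry SendAs are relevant.
        if ($Permission.AccessControlType -ne 'Allow') { return }
        if (@($Permission.AccessRights) -notcontains 'SendAs') { return }

        $trustee = [string]$Permission.Trustee
        if ($trustee -eq 'NT AUTHORITY\SELF') {
            $status = 'Self'
        } elseif ($ApprovedTrustee -contains $trustee) {
            $status = 'Approved'
        } else {
            $status = 'Unexpected'
        }

        [pscustomobject]@{
            Identity = [string]$Permission.Identity
            Trustee  = $trustee
            Status   = $status
        }
    }
}

# Constructed sample mirroring the Get-RecipientPermission output above.
$sample = foreach ($t in 'NT AUTHORITY\SELF', 'Some.User@domain.nl',
                         'Firstname.Lastname@domain.nl', 'YourSecurityGroupName') {
    [pscustomobject]@{
        Identity = 'Klic'; Trustee = $t
        AccessControlType = 'Allow'; AccessRights = @('SendAs')
    }
}

$approved = 'Firstname.Lastname@domain.nl', 'YourSecurityGroupName'
$sample | Test-SendAsGrant -ApprovedTrustee $approved | Format-Table -AutoSize

# Live use in an Exchange Online PowerShell session:
# Get-RecipientPermission -Identity sharedmailbox@domain.nl |
#     Test-SendAsGrant -ApprovedTrustee $approved
```

A security group trustee extends Send As to every member of that group, so the group's membership belongs in the same review.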
