0

Hoping for a little help here as frankly I'm struggling. I need to be able to do "Send As" for a user to be able to send as some accounts that are in protected groups (the actual application is Blackberry but the behaviour is the same in a normal Outlook profile).

I seem to be running into the Protected Groups issue.

So, I followed Method 2 here: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04707

Yet it still doesn't seem to work (I've not restarted the Store but we're well beyond 2 hours now).

We're running a Windows 2003 R2 domain with Exchange 2003 SP2.

Ben Pilbrow
  • 12,041
  • 5
  • 36
  • 57
flooble
  • 2,364
  • 8
  • 28
  • 32

1 Answers1

0

Having seen this exact problem before, and waiting overnight for the permission cache to expire with no joy, bouncing the Information Store worked for me.

The best way to totally eradicate this problem (and I appreciate the potential politics involved in this) is to revoke all administrative privileges from the accounts you're having problems with and give them separate admin accounts.

The adminSDHolder thread was created by Microsoft for a reason, and modifying its behaviour is just undermining the whole process. /soapbox

Ben Pilbrow
  • 12,041
  • 5
  • 36
  • 57
  • Thanks for the reply, much appreciated and store bounce is scheduled in 40 minutes. I do take the point on best practise, though I am slightly curious how many people stick by it if not just to make me feel a little better or worse :) – flooble Nov 23 '10 at 11:49
  • I have to agree with Ben, if you're having this problem because a named user is a member of an elevated group affected by this issue, then that's where the real problem lies. My recommendation would be to remove the user from the relevant groups and create a new elevated user with which to perform admin duties. I'm a sysadmin but my user account is not a member of any admin groups. I log on to my workstation with a regular old Domain User account just like everyone else in my company. When I need to perform admin duties, I log on to the appropriate system with the Domain Admin account. – joeqwerty Nov 23 '10 at 12:32
  • OK point taken on the admin side, but that's not going to change overnight so for now... having restarted the Exchange server/services the problem is still present, even within Outlook doing a "Send As" (so ignore BES for now I think). Not sure what/where else I may have missed anything? – flooble Nov 23 '10 at 12:59
  • @Hutch - is this a new BES install, or an existing one? – Ben Pilbrow Nov 23 '10 at 13:06
  • Ben, brand new and I followed the instructions to the letter. Right now the BES is switched off, just logging onto a desktop as besadmin and using Outlook I still can't do a "Send As" for members of protected groups, even though if I look on the Security tab of their accounts in ADUC, the besadmin account has "Send As" permissions. – flooble Nov 23 '10 at 13:14
  • Just to add, I ended up trying "Method 1" and disappearing for a few hours, and when I came back I could use Outlook to do the "Send As" so fingers crossed all is good in the world :) – flooble Nov 23 '10 at 18:39