3

I've got several users that were doing "send as" operations from Outlook on-prem. Upon moving them to the cloud, some still can, but others suddenly cannot.

More interestingly, the "send as" list for the account they use did not match the people actually using it. There are people not in the list that were (and still could send as) while there are people in the list that can't send as!

I corrected the list with Add-ADPermission Group -ExtendedRights Send-As -user User entered at the on-prem server. No change whatsoever. I verified it did synch to the cloud fine. I then tried adding myself as I've never sent as before. My account propagated fine, but I also cannot do "send as" on that account.

A great many of the things I've looked at online suggestion address book problems and talk about how it will work in web but not thick client. In our case it also does not work in web and the address book fixes do not help.

I've also seen some scripts that suggest that "FullAccess" rights are required rather than just Send-As, but those scripts all fail with syntax errors as apparently "FullAccess" / Trustee commands do not work on my version of Exchange/Powershell?

Brian Knoblauch
  • 2,196
  • 2
  • 32
  • 48
  • It's not clear if you are trying to delegate send-as permissions between cloud and on-prem mailboxes or just between cloud mailboxes. Which are you trying to do, or are you trying to do both? – Todd Wilcox Feb 21 '19 at 20:12
  • @ToddWilcox Right now, all our on-prem people and *some* cloud people can successfully send as the group. However, *some* cloud people cannot. The group was created ages ago in AD as a security group and changes do propagate to Azure AD. – Brian Knoblauch Feb 21 '19 at 20:17

1 Answers1

2

Send-As permission does not synchronize automatically by Azure Ad Connect between On-premises and Office 365. However, if you add the send-as permission manually in both environments, Send-As will work in most of the scenarios.

For example, you want to grant send-as permission for an On-Premises mailbox called ONPREM1 to a cloud mailbox called EXO1, First run the following command on your on-premises server- Add-ADPermission -Identity EXO1 -User ONPREM1 -AccessRights ExtendedRight -ExtendedRights "Send As" Then run the corresponding command from Exchange Online PowerShell- Add-RecipientPermission -Identity "EXO1" -Trustee ONPREM1 -AccessRights SendAs

Reference: https://social.technet.microsoft.com/Forums/lync/en-US/d4ee2b9a-c7f2-48b2-aa05-5ed26dc0c704/cross-premises-permissions-in-exchange-hybrid?forum=exchangesvradmin https://social.technet.microsoft.com/Forums/windowsserver/en-US/e349c42e-147e-40c7-be21-2808f69137c6/crosspremises-send-as-in-hybrid-it-works?forum=onlineservicesexchange

Jayce
  • 804
  • 5
  • 5
  • Well, that's helpful... After doing so, my account can now "send as". One particular problem user it reports as already being in there though. Curious. – Brian Knoblauch Feb 22 '19 at 14:36
  • 1
    It works in most of the scenarios, it is better to put them both on one side, both on Exchange Online. – Jayce Feb 25 '19 at 06:58
  • This got it. Turns out it's a really convoluted process and I needed to give Send As for my users both on-prem and in cloud for 2 different accounts (one distribution group and one "user" without mailbox). Thanks much, that was getting seriously frustrating! – Brian Knoblauch Feb 26 '19 at 14:52