Mailbox permissions in Exchange 2007 driving me nuts

email, exchange, outlook-2007, permissions, windows-xp

I'm currently in an environment with a Windows Server 2003 machine running AD and Exchange Server 2007. We have all our users, and a couple of general mailboxes (for example, "customer service") in AD and Exchange.

All my users have added these general mailboxes in their Outlook (Outlook 2007, Windows XP SP3), where they read mail and answer from the same box. This hasn't been much of a problem until recently, when a couple of users just can't send mail from the mailboxes. It gives an error message saying they are trying to send mail on someone else's behalf and they don't have permission to do so.

All the mailboxes are set up the same way. All users have the "Send on behalf"-permission you can find when going to the Preferences of the particular mailbox, as well as the "Full Access Permission". The users reporting this problem have these same permissions as anybody else, yet Exchange won't let them send their mail.

I'm pretty new to Exchange, and this is driving me nuts. It seems so easy with two permissions being set, and I just don't know where to look. Any guidance would be greatly appreciated.

Best Answer

I'm going to make a guess that you're not using security groups to manage the permissions on these mailboxes. I'd recommend, before you do anything else, that you create a security group for each logical grouping of users who need special permission on each mailbox, place the appropriate users into those groups, and grant permission using the groups.

(Beware-- the users' security token may be cached by the Exchange Server computer and it might not see the updated group membership immediately. Depending on your environment it could take up to 2 hours in a stock configuration for the server to "see" the change. More details at http://theessentialexchange.com/blogs/michael/archive/2008/01/18/Exchange-Server-Caches.aspx if you want to know more about what I mean.)

By doing this with a group you eliminate the need to modify the permissions in the future if job roles change, etc, for the people involved. You need only specify the right group memberships for new users, changed job roles, etc, and the permissions "just work".

Using the Exchange Management Shell, grant "Full Mailbox Access", "Receive-As", and "Send-As" permission with the following commands:

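# Grant the group Full Access to the mailbox
Add-MailboxPermission "Mailbox Name" -User "DOMAIN\Group Name" -AccessRights FullAccess
# Grant the group Receive-As and Send-As on the mailbox's Active Directory object
Add-ADPermission "Mailbox Name" -User "DOMAIN\Group Name" -ExtendedRights Receive-As,Send-As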

Obviously, substitute in the mailbox name and group name where appropriate.

(Users with Full Mailbox Access don't have "Send As" permission-- see http://technet.microsoft.com/en-us/library/dd421860.aspx for details)
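To check the result of the commands above, the following added example (not part of the original answer) audits one shared mailbox from the Exchange Management Shell: it confirms the group holds both Full Access and Send-As, and lists any explicit grant made to a trustee other than the group. The mailbox name and group name are placeholders, and the script assumes trustees are displayed in DOMAIN\Name form.

```powershell
# Added example: audit explicit grants on one shared mailbox.
# Placeholder names; substitute your own mailbox and security group.
$MailboxName   = "Customer Service"
$ExpectedGroup = "DOMAIN\Customer Service Users"

$mbx = Get-Mailbox -Identity $MailboxName

# Explicit, allow-type Full Access entries set on the mailbox itself.
$fullAccess = @(Get-MailboxPermission -Identity $mbx.DistinguishedName |
    Where-Object { (-not $_.IsInherited) -and (-not $_.Deny) -and ($_.AccessRights -like "*FullAccess*") })

# Explicit, allow-type Send-As entries set on the mailbox's AD object.
$sendAs = @(Get-ADPermission -Identity $mbx.DistinguishedName |
    Where-Object { (-not $_.IsInherited) -and (-not $_.Deny) -and ($_.ExtendedRights -like "Send-As") })

# Trustee names for each right, leaving out the mailbox's own SELF entry.
$faTrustees = @($fullAccess | ForEach-Object { $_.User.ToString() } |
    Where-Object { $_ -ne "NT AUTHORITY\SELF" })
$saTrustees = @($sendAs | ForEach-Object { $_.User.ToString() } |
    Where-Object { $_ -ne "NT AUTHORITY\SELF" })

# The group should hold both rights: Full Access alone does not include Send-As.
"Group has Full Access: " + ($faTrustees -contains $ExpectedGroup)
"Group has Send-As:     " + ($saTrustees -contains $ExpectedGroup)

# Any explicit grant to a trustee other than the group is worth reviewing,
# since it bypasses group-based management of the mailbox.
$faTrustees + $saTrustees |
    Where-Object { $_ -ne $ExpectedGroup } |
    Sort-Object -Unique |
    ForEach-Object { "Review direct grant: $_" }
```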
