Powershell – Can’t give ‘send-as’ permissions in Exchange 2010

I'm trying to give 'send-as' permissions to one user in Exchange 2010. Here is the Powershell command I'm running:

Add-ADPermission "User1" -User "Ourdomain\User2" -Extendedrights "Send As"

Powershell returns this error:

Active Directory operation failed on DC.OurDomain.pri. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : EDBB94A3,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

I've tried multiple alternatives to the Powershell command – ie. using -Identity etc., but that and the EMC wizard all return the same error.

I'm not sure if the "INSUFF_ACCESS_RIGHTS" is referring to me who is running the command or the user I'm giving the send-as rights to?

I've been following the Microsoft Technet "Manage Send As Permissions for a Mailbox" web page here:
http://technet.microsoft.com/en-us/library/bb676368.aspx

So have added the two permissions you need to do this:

Organization Management

Recipient Management

But that is not helping. Any ideas?

Update

If I do the following:

• open up "AD Users & Computers" with the "Advanced Features" view
• Go to the properties of User1
• Hit "Advanced" on the Security tab
• Select "Add"
• enter in "User2" and select "Send As" Allow

That works, if I close ADUaC and open it up again and re-check those new permissions they are still there.
If I return about 10 minutes later those permissions are now gone – user2 does not show up in the security permissions of user1 at all.

Don't think I've ever seen this kind of AD behaviour before.