Unable to grant the Vault Service account "Send As" permission on the system mailboxes


Article ID: 100005371

Description

Error Message

Active Directory operation failed on server.domain.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : 3E19955E,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

Cause

The Add-ADPermission PowerShell command checks the permissions of the Microsoft Exchange Server group in addition to the permissions of the account running the command.

Resolution

The minimum required permissions of the Microsoft Exchange Server group are assigned to the domain by default, but inheritance of those permissions has been disabled. Enable inheritance for the Microsoft Exchange Server group, and make sure those permissions propagate down to all child objects.
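
To find where propagation stops before changing any ACLs, the following added example (not vendor code) walks from the system mailbox's Active Directory object up to the domain root and reports, for each container, whether inheritance is disabled and how many of the group's ACEs are inherited or explicit. It assumes the ActiveDirectory module is installed, that the object is in the current domain, and that the group appears in ACEs as "Exchange Servers"; the function name and parameters are hypothetical.

```powershell
# Added example, not vendor code. Run in a session with the ActiveDirectory
# module (RSAT) under an account that can read the ACLs involved.
Import-Module ActiveDirectory

function Get-AclInheritanceChain {
    param(
        # DN of the system mailbox's AD object, for example
        # (Get-Mailbox mailbox_name).DistinguishedName from the Exchange shell
        [Parameter(Mandatory)] [string] $DistinguishedName,
        # Assumption: how the Exchange servers group is named in ACEs
        [string] $GroupPattern = '*\Exchange Servers'
    )

    $domainDn = (Get-ADDomain).DistinguishedName
    $dn = $DistinguishedName

    # Walk upward only while the DN is still inside the current domain
    while ($dn.EndsWith($domainDn, [StringComparison]::OrdinalIgnoreCase)) {
        $acl  = Get-Acl -Path "AD:\$dn"
        $aces = @($acl.Access |
                  Where-Object { $_.IdentityReference.Value -like $GroupPattern })

        [pscustomobject]@{
            DistinguishedName   = $dn
            # True means this object does not accept ACEs from its parent
            InheritanceDisabled = $acl.AreAccessRulesProtected
            GroupAcesInherited  = @($aces | Where-Object { $_.IsInherited }).Count
            GroupAcesExplicit   = @($aces | Where-Object { -not $_.IsInherited }).Count
        }

        if ($dn -eq $domainDn) { break }
        # Strip the leftmost RDN; the pattern tolerates escaped commas ("CN=Smith\, J")
        $dn = $dn -replace '^(?:\\.|[^,\\])+,', ''
    }
}

# Constructed placeholder DN; substitute the real one.
# Get-AclInheritanceChain -DistinguishedName 'CN=mailbox_name,CN=Users,DC=domain,DC=local' |
#     Format-Table -AutoSize
```

The first row from the top of the output with InheritanceDisabled set to True and no inherited group ACEs marks the object where the domain-level permissions stop propagating.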

Issue/Introduction

Unable to grant the Vault Service account "Send As" permission on the system mailboxes when running the following command:

Add-ADPermission -Identity mailbox_name -User domain\user_name -AccessRights ExtendedRight -ExtendedRights "send as"

where:
  • mailbox_name is the Enterprise Vault system mailbox. If mailbox_name contains spaces, enclose it in quotation marks.
  • domain is the Active Directory domain that the Vault Service account belongs to.
  • user_name is the Vault Service account. If user_name contains spaces, enclose it in quotation marks.