Exchange 2013 - Permission for granting "Send As" permission

Jack Chuong 856 Reputation points
2020-11-12T09:03:59.407+00:00

Hi all,
I can grant userA "send as" permission for distribution groupA by administrator account via EAC, I want userB can grant "send as" permission for other users on groupA too, which role in "admin roles" I have to assign userB to archive this ?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,599 questions
0 comments
Accepted answer
  1. Andy David - MVP 147.6K Reputation points MVP
    2020-11-13T01:25:18.253+00:00

    Add it back to the Recipient Management Role. Someone removed it
    You can do this in EAC under Permissions/Admin Role

    39542-image.png

    39533-image.png

    1 person found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 147.6K Reputation points MVP
    2020-11-12T12:24:06.15+00:00

    The Recipient Management role will give UserB the ability to grant SEND AS to any mail-enabled object in EAC, unless you scoped a custom role to a specific group of recipients using RBAC.

    Regardless, here is how you find which role is required for a specific command

    In this case, send as is granted with add-adpermission for on-prem 

     $Perms = Get-ManagementRole -Cmdlet Add-ADPermission

    Name RoleType

    Active Directory Permissions ActiveDirectoryPermissions 

     $Perms | foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}

    Role RoleAssigneeType RoleAssigneeName

    Active Directory Permissions RoleGroup Organization Management
    Active Directory Permissions RoleGroup Recipient Management

    To using the built-in role, add the UserB to "Recipient Management" at a minimum

    https://video2.skills-academy.com/en-us/powershell/exchange/find-exchange-cmdlet-permissions?view=exchange-ps
    Alternatively, they can add SEND AS via ADUC if they have perms there as well :)

    1 person found this answer helpful.
    0 comments
  2. Jack Chuong 856 Reputation points
    2020-11-13T01:20:00.577+00:00

    Thanks for your reply,
    In my case , userB is assigned to The Recipient Management role but he cannot grant SEND AS , so I try to find which role is required for "Add-ADPermission" command, this is result :
    $Perms = Get-ManagementRole -Cmdlet Add-ADPermission
    $Perms | foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}

    Role                         RoleAssigneeType RoleAssigneeName
----                         ---------------- ----------------
Active Directory Permissions        RoleGroup Organization Management

    Recipient Management role is not listed , only Organization Management , I don't want to add userB into Organization Management role, what should I do ?
    I didn't custom any role as default , here information about Recipient Management role at EAC:
    Recipient Management

    Members of this management role group have rights to create, manage, and remove Exchange recipient objects in the Exchange organization. 

Assigned Roles 

Distribution Groups 
Mail Recipient Creation 
Mail Recipients 
Mailbox Import Export 
Message Tracking 
Migration 
Move Mailboxes 
Recipient Policies 
Team Mailboxes
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.