Send as Permissions automatically disappear from specific users.

I had an case  where the send as permissions for one user cannot be set in ECP. he gets error in ECP and Shell:

Active Directory-Antwort: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After giving full control on Exchange trusted subsiste over the account we are able to grand send as permissions, but after 20 minutes the permissions are gone and we are again not able to grant them because of the same error.

Solution

Disappearing of permissions let me in direction Protected Groups. There is an Artikel form Microsoft regarding this issue: https://support.microsoft.com/en-us/kb/2983209

it turns out that the customer is member of administrators group, which is a protected Group. It was nested in one other made by customer security group.

This is causing the AdminCount to be increased to 1

admincount

This is causing the permissions reset and also the inheritance for this account is disabled.

inheritance

this is causing the insufficient permissions error.

After removing the user form the administrator group, deleted, the admin count and enabled the inheritance the issue got resolved.

 

Other Protected groups are :

  • Enterprise Admins
  • Schema Admins
  • Domain Admins
  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Admins
  • Schema Admins
  • Enterprise Admins
  • Cert Publishers

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s