I had an case where the send as permissions for one user cannot be set in ECP. he gets error in ECP and Shell:
Active Directory-Antwort: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
After giving full control on Exchange trusted subsiste over the account we are able to grand send as permissions, but after 20 minutes the permissions are gone and we are again not able to grant them because of the same error.
Solution
Disappearing of permissions let me in direction Protected Groups. There is an Artikel form Microsoft regarding this issue: https://support.microsoft.com/en-us/kb/2983209
it turns out that the customer is member of administrators group, which is a protected Group. It was nested in one other made by customer security group.
This is causing the AdminCount to be increased to 1
This is causing the permissions reset and also the inheritance for this account is disabled.
this is causing the insufficient permissions error.
After removing the user form the administrator group, deleted, the admin count and enabled the inheritance the issue got resolved.
Other Protected groups are :
- Enterprise Admins
- Schema Admins
- Domain Admins
- Administrators
- Account Operators
- Server Operators
- Print Operators
- Backup Operators
- Domain Admins
- Schema Admins
- Enterprise Admins
- Cert Publishers
Exchange-Fix 