Friday, March 29, 2013

Cannot add send as permission for public folder on Exchange 2010

In this case Exchange Administrator was trying to delegate send as permission to a mail enabled public folder on Exchange 2010. Wizard for delegating Send As permission was failing with following error message:

Active Directory operation failed on This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help...
This public folder was migrated from previous Exchange organization, and the admin user was having permission to manage public folders. When Exchange admin was creating new mail enabled public folder, he was able to delegate Send As permission. Checking the owner for public folder using ADSIedit (Default naming context->DC=Domain,Dc=name->CN=Microsoft Exchange System Objects), was showing SYSTEM for the "migrated" public folder, and for the newly created public folder it was Computername$ of the Exchange Server.
So, one way to fix this issue is to change the owner of the "migrated" public folder to Computername$ of the Exchange Server.

Reminder: User(s) will not be able to send on behalf of mail enabled public folder even if they have send as permission, if mail enabled public folder is hidden from address list.