I wonder what's the correct procedure in order to assign SendAs (eventually also SendOnBehalf) permissions to a Distribution List in EXO which is synced from on-premises. I need to assign this permission to users (with EXO mailbox) which are also synced via AzureADConnect from on-prem to Azure/EXO.
EXO tells me "You can only manage this group in your on-premises environment. Use 'Active directory users & groups' or 'Exchange Admin Center' tools to edit or delete this group.". If I try to do so from on-prem ECP (we still have one Exchange 2016 on-prem in our Hybrid Environment for such management purposes), I see that I can only modify SendOnBehalf, but I can also grant it to the few mailboxes which are still on-prem. My O365 mailbox users do not show up, and SendAs is the same: I can only select from on-prem mailboxes. But even then, for SendAs, I cannot assign at least these users; I do get
"Active Directory operation failed on dc-hostname. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152E13, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"
All we managed to achieve was assigning SendOnBehalf through Exchange PowerShell on-prem, which at least synchronizes to AzureAD and finally works for SendOnBehalf at least:
Set-DistributionGroup xx@company.com -GrantSendOnBehalfTo user1, user2, user3
But trying to assign SendAs through Exchange PowerShell via
Add-ADPermission -Identity "mobileX IT" -User user1 -AccessRights ExtendedRight -ExtendedRights "Send As"
also returns this Access Denied error, like via the ECP GUI.
So, what's the correct procedure in order to assign, preferably SendAs, but at least SendOnBehalf, to Azure-synched users for an Azure-synched group? In this case the group is a mail-enabled security group on-prem and became a mail-enabled security group synched from on-premises in EXO.
Thanks
Dieter