This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are deploying a new Hybrid exchange set between an on-premise exchange 2013 mail server and Office 365. About 2 weeks ago, I noticed that our Organizational Management group disappeared on the on-premise server's ECP console. Along with this my non-domain admin account that I use to delegate limited permissions to lost all rights to administer the on-premise exchange server. At the same time I noticed that on the shared mailboxes, using my domain admin account, I can edit who has full access to the mailbox but I can not add or remove permissions to Send As from the same mailbox.
In the above screen shot from my on premise ECP console, the plus and Minus buttons are missing and I can not make changes to the Send As permissions.
My other Admin does not recall making any changes that would do this to our On-premise email server. I am looking for help to restore the Organizational Management group and the ability to change the Send As Permissions on our on Premise Email Exchange 2013 Server.
--Update--
It was just pointed out to me that I can no longer make changes to send and receive connectors or any thing else that is on the Mail Flow section. they are all just grayed out.
Help. I am getting locked out of my On Premise Exchange server.
After much pain and suffering of pouring through documentation and starting form the basic about permissions, I found the problem.
The Organization Management group needs to be a Universal Group. Some how it was changed to a Domain local group. Once I made this change, everything was right with the world again in the Exchange Admin Console. The group showed up under permissions and everything that I was having problems with was fixed.
This is a case example of not to screw with the Built in User Groups.
Here are management roles that contained in "Organization Management" permission group:
About Send As permission, we can use command below to know this command permission is contained in "Active Directory Permissions" permission role:
You just need to create a permission group(such as Organization Management) with this permission role, then add your account into this permission group. After that, login in ECP again, you will could using this permission again.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for trying to help. I think there is something else going on.
I ran the command to get the ADD-ADpermission But it did not work.
The Organization Management Group still exist in our AD environment, it just is not seen in the ECP nor can i add or edit groups.
The Above screen shot was taken while I was logged in as a Domain Admin
@Mike Carter
The Get-ManagementRole just used to check the "Add-ADPermission" command contained in which permission role, don't mean your account has this permission. You need to add the "Active Directory Permissions" into a "role group", then add your account into this group, such as:
I notice that you even cannot create a new role group, try to check from ADUC, make sure you admin account contained in those groups:
Then sign out and login ECP, check whether you could modify role group and whether is the "Active Directory Permissions" role group exist.
the Organizational Management group is in ADUC and membership has not changed.
The Problem is with the Mail server. The only major change is that we have a Hybrid connection with Office 365.
I just Made an update. this problem is also preventing me from making changes to connectors and rules.