exchange/outlook 2016 full control

John Curtiss 66 Reputation points
2021-08-26T16:49:04.417+00:00

ad user me@domain1.com has an on-prem exchange 2016 mailbox for me@domain1.com.

there's a one-way outgoing trust with domain2, i have an account me2@domain2.com, and my workstation running outlook 365 is in domain2.com. domain2.com's mail is exchange online. (domain2.com ad is azure-connected but also on prem).

i created the domain local ad group domain1\group1 in domain1, and added me2@domain2.com to it. then i used exchange shell in domain1.com to grant domain1\group1 full maibox permissions to the me@domain1.com mailbox.

on my domain2.com laptop logged in as me2@domain2.com, i can open outlook and see the me@domain1.com mailbox , but when i try to send something from that address, domain1.com's exchange servers bounce it back and say i don't have "send on behalf" permissions.

why do i need "send on behalf" permissions if i have "full control" permissions? i don't want to send on behalf anyway, because i don't want the mail to show up as "sent on behalf of". i just want to be logged in to the mailbox and "send as." what am i missing?

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,984 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,426 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yuki Sun-MSFT 40,896 Reputation points
    2021-08-27T02:58:23.897+00:00

    Hi @JohnpCurtiss,

    why do i need "send on behalf" permissions if i have "full control" permissions?

    By design, "Full Access" permission only allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. it doesn't allow the delegate to send messages from the mailbox. See the permission description in the document below:
    Manage permissions for recipients

    126983-1.png

    i don't want to send on behalf anyway, because i don't want the mail to show up as "sent on behalf of". i just want to be logged in to the mailbox and "send as." what am i missing?

    As per your requirement, you would need to grant domain1\group1 "Send As" permission to the me@domain1.com mailbox. The "Send As" permission allows the delegate to send messages without any indication, it looks as if they came directly from the mailbox or group:
    126950-2.png


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.