Try this:
Get-RemoteMailbox xxx@company.de | Add-ADPermission -User michaela.yyyy-zzz@company.de -AccessRights ExtendedRight -ExtendedRights "Send As"
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We have an Exchange Hybrid model with most of the mailboxes on-premises and all accounts in local AD, synced to Azure via AADSync.
Now I do have two mailboxes online and want to grant other users (local AD and local mailbox) Send As privilege on these mailboxes.
This does work for me, but I am also some super administrator, at least i have several powerful admin roles, but it does not work for my regular users in charge.
I have granted mailbox delegation for "Read and manage" + "Send As" (not send on behalf), but every time they try to send out emails from their Outlook the get the message that they are not allowed to send on behalf of that recipient.
First of all, they shouldn't send on behalf (if I'd grant that permission that would work), but send as, and second are they missing some special role or something? Because, as I said, for me it works, for them, it doesn't.
I have also checked permission on the mailbox, it is about user Michaela, see attachment.
This is a different screenshot, on another mailbox there is another user with same permissions, plus myself, how I am the only one which can send as.
Any idea? I have granted these permissions about 4 hours ago.
Try this:
Get-RemoteMailbox xxx@company.de | Add-ADPermission -User michaela.yyyy-zzz@company.de -AccessRights ExtendedRight -ExtendedRights "Send As"
Thanks Andy, this worked and yes, now, with the combination of adding delegate permission send as to the remote mailbox in O365 and granting AD-Permission on that Remote Mailbox to the on-prem AD Account, it works
One can check if Send-As is assigned by firing this query:
Get-RemoteMailbox xxx@company.de | Get-ADPermission | where {$_.ExtendedRights -like "Send-As"} | fl *
Did you grant the on-prem users SEND AS to the on-prem remote mailbox as well?
Get-RecipientPermission -Identity "h.xxx@mathieu.company .de" | Format-List
RunspaceId : 802c5669-1d9c-4e29-be70-6c86f6319e33
Identity : Hannes xxx (C1)
Trustee : NT AUTHORITY\SELF
AccessControlType : Allow
AccessRights : {SendAs}
IsInherited : False
InheritanceType : None
TrusteeSidString : S-1-5-10
IsValid : True
ObjectState : New
RunspaceId : 802c5669-1d9c-4e29-be70-6c86f6319e33
Identity : Hannes xxx (C1)
Trustee : michaela.xxx-spaeth@mathieu.company .de
AccessControlType : Allow
AccessRights : {SendAs}
IsInherited : False
InheritanceType : None
TrusteeSidString : S-1-5-21-3951766799-3417088378-1086044615-3937159
IsValid : True
ObjectState : New
This is what I get, but it doesn't work.
The on-prem user however is located in a different directory than the 365 mailbox, so you need to grant the on-prem mailbox send as to the on-prem remote mailbox using powershell: