Send As Exchange Online Mailbox in Hybrid Exchange

Dieter Tontsch (GMail) 917 Reputation points
2021-09-14T12:22:13.157+00:00

We have an Exchange Hybrid model with most of the mailboxes on-premises and all accounts in local AD, synced to Azure via AADSync.
Now I do have two mailboxes online and want to grant other users (local AD and local mailbox) Send As privilege on these mailboxes.
This does work for me, but I am also some super administrator, at least i have several powerful admin roles, but it does not work for my regular users in charge.
I have granted mailbox delegation for "Read and manage" + "Send As" (not send on behalf), but every time they try to send out emails from their Outlook the get the message that they are not allowed to send on behalf of that recipient.
First of all, they shouldn't send on behalf (if I'd grant that permission that would work), but send as, and second are they missing some special role or something? Because, as I said, for me it works, for them, it doesn't.

I have also checked permission on the mailbox, it is about user Michaela, see attachment.

131899-sendas.png

This is a different screenshot, on another mailbox there is another user with same permissions, plus myself, how I am the only one which can send as.

Any idea? I have granted these permissions about 4 hours ago.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,322 questions
{count} votes

5 additional answers

Sort by: Most helpful
  1. Dieter Tontsch (GMail) 917 Reputation points
    2021-09-15T07:56:02.447+00:00

    Thanks Andy, this worked and yes, now, with the combination of adding delegate permission send as to the remote mailbox in O365 and granting AD-Permission on that Remote Mailbox to the on-prem AD Account, it works

    One can check if Send-As is assigned by firing this query:

    Get-RemoteMailbox xxx@company.de | Get-ADPermission | where {$_.ExtendedRights -like "Send-As"} | fl *
    
    1 person found this answer helpful.
    0 comments No comments

  2. Andy David - MVP 143.8K Reputation points MVP
    2021-09-14T12:44:45.833+00:00

    Did you grant the on-prem users SEND AS to the on-prem remote mailbox as well?


  3. Dieter Tontsch (GMail) 917 Reputation points
    2021-09-14T14:36:35.447+00:00

    Get-RecipientPermission -Identity "h.xxx@mathieu.company .de" | Format-List

    RunspaceId : 802c5669-1d9c-4e29-be70-6c86f6319e33
    Identity : Hannes xxx (C1)
    Trustee : NT AUTHORITY\SELF
    AccessControlType : Allow
    AccessRights : {SendAs}
    IsInherited : False
    InheritanceType : None
    TrusteeSidString : S-1-5-10
    IsValid : True
    ObjectState : New

    RunspaceId : 802c5669-1d9c-4e29-be70-6c86f6319e33
    Identity : Hannes xxx (C1)
    Trustee : michaela.xxx-spaeth@mathieu.company .de
    AccessControlType : Allow
    AccessRights : {SendAs}

    IsInherited : False
    InheritanceType : None
    TrusteeSidString : S-1-5-21-3951766799-3417088378-1086044615-3937159
    IsValid : True
    ObjectState : New

    This is what I get, but it doesn't work.

    0 comments No comments

  4. Andy David - MVP 143.8K Reputation points MVP
    2021-09-14T15:12:23.9+00:00

    The on-prem user however is located in a different directory than the 365 mailbox, so you need to grant the on-prem mailbox send as to the on-prem remote mailbox using powershell:

    https://learn.microsoft.com/en-us/Exchange/permissions#mailbox-permissions-and-capabilities-not-supported-in-hybrid-environments

    131908-image.png

    0 comments No comments