Back to Blog

Exchange 2010 Public Folders and How to Manage the Send As Issue

Image of Theresa Miller
Theresa Miller
Exchange 2010 Public Folders

Exchange 2010 Public Folders allow your administrators the ability to grant specific users the ability to send mail on behalf of a mail-enabled public folder.

Before we look at the Manage Send As issue, let’s take a look at how an Exchange or Security administrator would adjust the mail-enabled Public Folder Send As Permissions.

Manage Send As Permissions

How to Manage the Public Folder Send As Permissions

  1. Open the Exchange Management Console
  2. Click the + to the left of Microsoft Exchange On-Premises
  3. Click the Tool Box
  4. Double-click Public folder Management Console
  5. Select the public folder that you would like to adjust the Send As Permissions on
  6. On the right-hand side of the screen choose Manage Send As Permission

Folder Console 2

  1. If all goes well then the wizard screen shown below would be completed without any errors, but in this case we were not so lucky. After adding a new user or group to the public folder Manage Send As we received the following error on our screen:

Manage Permission 3

 

Issue
The following error appears when adding a user to be able to Manage Send As despite the fact that you are the Super Duper Exchange Administrator for your environment. Even your service account will return the same error.

Error:
Active Directory operation failed on domaincontroller.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.3.158.1&t=exchgf1&e=ms.exch.err.Ex6AE46B

Exchange Management Shell command attempted:
Add-ADPermission -Identity 'CN=PublicFolderName,CN=Microsoft Exchange System Objects,DC=domain,DC=com’ -User 'domain\userid' -ExtendedRights 'Send As'

 

Under what circumstances will this error occur?

Basically, there are two scenarios that will generate this error. One is that the Owner set on the public folder is not correct. If your environment has been upgraded from previous versions of Exchange you may see an object GUID listed as shown below instead of an Exchange server name.


Exchange Security 4
The second scenario in which you will receive this error is when the owner is set to one of the Exchange servers in your environment, but you attempt to manage the Send As permissions from a different server in your production environment. Both of these situations will generate the above error on a mail-enabled public folder.

How to check the Public Folder Ownership settings
Before we can adjust the Ownership, we need to know how to find out how the ownership is set. We will learn if the owner is incorrectly set with a GUID or an Exchange Server Name that is different than the server you are managing your public folder permissions. For this will need ADSIEDIT downloaded and installed on your workstation and will need access to Active Directory Users and computers.

Note: If you do not have ADSIEDIT installed here is an article that can help you get started installing ADSIEDIT.

  1. Open ADSIEDIT
  2. Connect to the “Default Naming Context” for your domain
  3. Expand DC=domain,DC=com,CN=Microsoft Exchange System Objects
  4. Find your Mail-Enabled Public Folder, then right-click and choose properties

CN Test Folder 6

  1. Click the Security Tab and then click the Advanced button

CN Folder Properties 7

  1. Click the Owner Tab
  2. Then click the Other Users or Groups Button

Advanced Security 8

Resolution Option 1 – Mail Disable/Mail Enable the public folder
This is only a good option and is best suited for an organization that plans to always manage public folders from the same server all the time. This method will apply the name of the Exchange server that was being used to mail disable/mail enable the public folder you are working with. While this resets the owner of the public folder, it will specifically be set to that individual server. If management will occur across multiple Exchange servers then the permissions error will resurface. Here are the steps to mail-disable and mail-enable your public folder.

  1. Open the Exchange Management Console
  2. Click the + to the left of Microsoft Exchange On-Premises
  3. Click the Tool Box
  4. Double-click Public folder Management Console
  5. Select the public folder that you would like to Mail Disable and then on the right-hand side of the screen choose Mail Disable
  6. Click Yes

Mail Disable 9

  1. Mail Enable the public folder by clicking on Mail Enable

Mail Enable 10

Resolution Option 2 – Use ADSIEDIT to set the Folder Ownership to Exchange Servers
Earlier in this article we talked about how to use ADSIEDIT to check what the current folder owner is. You will only use resolution option 2 if your organization manages public folders from multiple exchange servers. Here are the steps to set the current owner to Exchange servers:


Current Owner 11

  1. Open ADSIEDIT
  2. Connect to the “Default Naming Context” on your domain
  3. Expand DC=domain,DC=com,CN=Microsoft Exchange System Objects
  4. Find your Mail-Enabled Public Folder, then right-click and choose properties

describe the image

  1. Click the Security Tab and then click the Advanced button

CN Folder Properties 7

  1. Click the Owner Tab
  2. Then click the Other Users or Groups Button

Advanced Security 8

  1. Browse and select Exchange Servers and click OK

Object Type

  1. Click the Apply Button and Click OK

Computer configuration window
Summary
As discussed in the article above, if you have upgraded from previous versions of Exchange you may have issues managing the Send As permissions on your mail-enabled public folders. This article should provide you with the insight to resolve this issue as it applies to your environment.

Get proactive with Exchange Management – Trial the Mailscape Monitoring & Reporting Dashboard.

 

 


Exchange 2010

Issue With Assigning Exchange 2010 Role-Assignment Policies

Image of Theresa Miller
Theresa Miller

Have you ever needed to change your Default Role Assignment Policy in Exchange 2010 through...

Read more
Exchange 2010 Attributes

How to Add an Exchange 2010 Custom Attribute using PowerShell

Image of Theresa Miller
Theresa Miller

Every mailbox object in Exchange has a series of fields called custom attributes. These can be...

Read more