Tags

, , ,


Here we are going to see how Send-As and Send on Behalf permission works with restricted distribution group. Before getting into that let’s see what is Send-As and Send on Behalf.

What is Send-As?

Use Send As permissions to configure a mailbox so that users other than the mailbox owner can use that mailbox to send messages. After this permission is granted, any messages that are sent from the mailbox will appear as if they were sent by the mailbox owner.

How to give Send-As permission using Powershell:

Add-ADPermission “Kottees” -User “MyDomain\Johndoe” -Extendedrights “Send As”

I’ve given send-as permission to Johndoe for Kottees mailbox and also trying to send mail to Administrator from Johndoe mailbox by keeping Kottees in from field.

If you look at the administrator mailbox below the message looks like it came directly from Kottees.

What is Send on Behalf?

Granting the Send on Behalf permission to other recipients allows those recipients to send e-mail messages on behalf of a mailbox user. Specifically, recipients who are granted this permission can enter the mailbox user’s name in the from field for the messages that they send

How to give Send on Behalf permission using Powershell:

Set-Mailbox “Kottees” -GrantSendOnBehalfTo “MyDomain\Johndoe”

I’ve given send on behalf permission to Johndoe for Kottees mailbox and also trying to send mail to Administrator from Johndoe mailbox by keeping Kottees in from field.

If you look at the administrator mailbox below the message looks like it came from JohnDoe on behalf of Kottees.

So far we have seen how Send-As and Send on Behalf permissions works.

Now we are going to see how these permissions works with restricted distribution groups.

Scenario 1:

Manager : Kottees    – Has permission to send mail to Mygroup01 directly        Assistant : John Doe – Has Send As permission to Kottees but doesn’t have direct  permission to send mail to MyGroup01

Group     : MyGroup01    – Restricted Group

The below picture shows MyGroup01 only accept messages from Kottees

When John Doe is trying to send an email to this group the mail tips shows “You don’t have permission to send to MyGroup01”

But still I’m sure they will try it out by sending an email, this is what they get.

But what happen if John Doe is trying to send mail to this group keeping his manager in from field, remember that John Doe doesn’t have direct access to this group. Let’s see what happens.

Result: Success, as you can see administrator has got an email who is part MyGroup01

Scenario 2:

Manager : Kottees    – Has permission to send mail to Mygroup01 directly        Assistant : John Doe – Has send on behalf permission to Kottees but doesn’t have direct permission to send mail to MyGroup01

Group     : MyGroup01    – Restricted Group

Here John Doe is trying to send mail to this group keeping his manager in from field, remember that John Doe doesn’t have direct access to this group. Let’s see what happens.

Result: Failure

Conclusion:

  • Assistant can send mail to restricted DL if he has Send-As permission to Manager who is having permission for that particular DL
  • Assistant cannot send mail to restricted DL if he has Send on Behalf permission to Manager who is having permission for that particular DL

Thanks for reading, Cheers!!!

Advertisements