Welcome to the official BlackBerry Support Community Forums.

Super Contributor
DigitalFrog
Posts: 250
Registered: ‎04-01-2008
My Device: Z10

Easier solution to the Send As problem

For those that have run into the problem with the Send As permission being revoked on some accounts after installing the Microsoft security patch (see KB04707 - http://www.blackberry.com/btsc/articles/157/KB04707_f.SAL_Public.html), here is a simpler solution that seems to work for us.

The primary cause of the problem is that Microsoft no longer allows accounts with any kind of domain privileges (e.g. domain admins, queue operators, etc.) to give Send As permission to a different account.  Even if you add the BESAdmin account to the security tab for the mailbox and give it Send As permission, that permission will disappear, usually within the hour.  Microsoft recommends using separate accounts for doing admin work and everyday email (which is a GOOD idea for Domain Admins, but can be a pain for the lower levels still affected by this), create a dummy owner account to hold the mailbox and give full rights to the admin account, or modify the adminSDHolder object in Active Directory (not recommended).

 

An easier solution is to:

Open the properties for the affected account in Active Directory

On the Exchange General tab, click the Delivery Options button

Add the user's own account name to the Send on behalf permissions list.

 

This list appears to be unaffected by the Microsoft security change, and since you are sending on behalf of yourself Exchange does not bother to add the usual sent by line to your message.

 

 

posted by DigitalFrog
________________________________
WARNING: May contain traces of nuts.
Contributor
Wildfire
Posts: 11
Registered: ‎04-01-2008
My Device: Not Specified

Re: Easier solution to the Send As problem

But then won't all your emails be from "BESAdmin on behalf of User Name"?
Contributor
JBarsodi
Posts: 15
Registered: ‎04-01-2008
My Device: Not Specified

Re: Easier solution to the Send As problem

Yep.  You should follow Microsoft and RIM guidance on this.
___________________________________________________
BB4Life, because that's how I roll.
Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Easier solution to the Send As problem

This is a bad idea. ... You should follow both RIM's and Microsoft's recommendation.
------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone was particularly helpful, give them kudos!


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
Retired
TheOracle
Posts: 79
Registered: ‎04-01-2008
My Device: Not Specified

Re: Easier solution to the Send As problem

The supported solution to this problem has been available from both Microsoft and RIM for quite a while. I recommend sticking with what has been published by both Microsoft and RIM, as the workaround provided by the original poster includes the side effect mentioned by some of the subsequent posters.

 

Here is the link to the information published by RIM:

http://www.blackberry.com/sendas

New Contributor
rekraine
Posts: 4
Registered: ‎04-02-2008
My Device: Not Specified

Re: Easier solution to the Send As problem

walk through for this : link
Super Contributor
DigitalFrog
Posts: 250
Registered: ‎04-01-2008
My Device: Z10

Re: Easier solution to the Send As problem

Nope, you misread - you add the User's name to the send on behalf of.  So you put John Doe in the send on behalf of list for John Doe.  It seems odd, but it works like a charm.

I do agree that user accounts and admin accounts should be kept separate, as Microsoft recommends, but when that is not possible or preferred, this seems to fix the issue.

posted by DigitalFrog
________________________________
WARNING: May contain traces of nuts.
Retired
TheOracle
Posts: 79
Registered: ‎04-01-2008
My Device: Not Specified

Re: Easier solution to the Send As problem


DigitalFrog wrote:

Nope, you misread - you add the User's name to the send on behalf of.  So you put John Doe in the send on behalf of list for John Doe.  It seems odd, but it works like a charm.

I do agree that user accounts and admin accounts should be kept separate, as Microsoft recommends, but when that is not possible or preferred, this seems to fix the issue.


Unfortunately though, this solution is not scalable when you have thousands of users. It's greatly appreciated that you have posted an alternate method of working through the problem but the preferred choice should be the one that is recommended by both vendors.
New Contributor
gmanslater
Posts: 7
Registered: ‎04-27-2008
My Device: Not Specified

Re: Easier solution to the Send As problem

I agree that the published way works and is the supported/approved method. So best to use. But I think this is where you are missing the point:


TheOracle wrote:

Unfortunately though, this solution is not scalable when you have thousands of users. ...

You don't change AdminSDHolder for "thousands of users" (hopefully - if so you really have issues) only protected accounts. This would be a good TEMP fix for a few admin accounts until the preferred solution (i.e. not using a mail-enabled protected account) could be properly implemented.
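
An added example, not part of any post in this thread: a PowerShell function that reports which mailbox-enabled accounts are protected (adminCount = 1, so their ACL is reset from AdminSDHolder) and which of them list themselves under Send on behalf, so the temporary fix discussed above can be tracked until admin and mail accounts are split. The function name, the sample objects and the example.test names are constructed; the commented Get-ADUser line assumes the ActiveDirectory module is installed.

```powershell
# Added example, not from the thread. Works on any objects that expose the
# AD attributes adminCount, homeMDB and publicDelegates.
function Get-ProtectedMailboxReport {
    param([Parameter(ValueFromPipeline = $true)] $User)
    process {
        # adminCount = 1: the account's ACL is periodically reset from
        # AdminSDHolder, which is what strips the Send As entry.
        # homeMDB set: the account has an Exchange mailbox.
        # Note: adminCount stays 1 after an account leaves a protected group.
        if ($User.adminCount -ne 1 -or -not $User.homeMDB) { return }

        # publicDelegates is the attribute behind the "Send on behalf" list.
        $delegates = @($User.publicDelegates | Where-Object { $_ })
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            # True when the account lists itself (the thread's workaround)
            SelfDelegated  = $delegates -contains $User.DistinguishedName
            OtherDelegates = @($delegates |
                Where-Object { $_ -ne $User.DistinguishedName }).Count
        }
    }
}

# Constructed sample objects (hypothetical accounts in example.test)
$db = 'CN=MailboxDB1,CN=Databases,DC=example,DC=test'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe'
        DistinguishedName = 'CN=John Doe,OU=Admins,DC=example,DC=test'
        adminCount = 1; homeMDB = $db
        publicDelegates = @('CN=John Doe,OU=Admins,DC=example,DC=test') }
    [pscustomobject]@{ SamAccountName = 'asmith'
        DistinguishedName = 'CN=Ann Smith,OU=Admins,DC=example,DC=test'
        adminCount = 1; homeMDB = $db; publicDelegates = $null }
    [pscustomobject]@{ SamAccountName = 'bjones'   # ordinary user: skipped
        DistinguishedName = 'CN=Bob Jones,OU=Staff,DC=example,DC=test'
        adminCount = $null; homeMDB = $db; publicDelegates = $null }
)
$sample | Get-ProtectedMailboxReport | Format-Table -AutoSize

# Against a live directory (assumes the ActiveDirectory module):
# Get-ADUser -LDAPFilter '(&(adminCount=1)(homeMDB=*))' `
#     -Properties adminCount, homeMDB, publicDelegates |
#     Get-ProtectedMailboxReport
```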