Welcome!

Welcome to the Official BlackBerry Support Community Forums. This is your resource to discuss support topics with your peers, and learn from each other. New to the forum? Please visit the ‘Getting Started’ link below.
All New Topics | All New Posts
inside custom component

BlackBerry® Enterprise Solution

Reply
Topic Options
Trusted Contributor
DigitalFrog
Posts: 249
Registered: ‎04-01-2008
My Carrier: Telus

Easier solution to the Send As problem

Options

‎04-01-2008 04:04 PM

For those that have run into the problem with the Send As permission being revoked on some accounts after installing the Microsoft security path (see KB04707 - http://www.blackberry.com/btsc/articles/157/KB04707_f.SAL_Public.html), here is a simpler solution that seems to work for us. 

 

The primary cause of the problem is that Microsoft no longer allows accounts with any kind of domain privileges (eg. domain admins, queue operators, etc.) to give Send As permission to an different account.  Even if you add the BESAdmin account to the security tab for the mailbox and give it Send As permission, that permission will disappear, usually within the hour.  Microsoft recommends using separate accounts for doing admin work and everyday email (which is a GOOD idea for Domain Admins, but can be a pain for the lower levels still affected by this), create a dummy owner account to hold the mailbox and give full rights to the admin account, or modify the adminSDHolder object in Active Directory (not recommended).

 

An easier solution is to:

Open the properties for the affected account in Active Directory

On the Exchange General tab, click the Delivery Options button

Add the user's own account name to the Send on behalf permissions list.

 

This list appears to be unaffected by the Microsoft security change, and since you are sending on behalf of yourself Exchange does not bother to add the usual sent by line to your message.

 

 

posted by DigitalFrog
________________________________
WARNING: May contain traces of nuts.
Report Inappropriate Content
Message 1 of 9 (10,623 Views)
Reply
0 Likes
Please use plain text.
 
Wildfire
Contributor
Wildfire
Posts: 11
Registered: ‎04-01-2008

Re: Easier solution to the Send As problem

Options

‎04-01-2008 07:14 PM

But then won't all your emails be from "BESAdmin on behalf of User Name"?
Report Inappropriate Content
Message 2 of 9 (10,569 Views)
Reply
0 Likes
Please use plain text.
 
JBarsodi
Contributor
JBarsodi
Posts: 15
Registered: ‎04-01-2008

Re: Easier solution to the Send As problem

Options

‎04-01-2008 07:25 PM

Yep.  You should follow Microsoft and RIM guidance on this.
___________________________________________________
BB4Life, because that's how I roll.
Report Inappropriate Content
Message 3 of 9 (10,563 Views)
Reply
0 Likes
Please use plain text.
 
Forums Veteran II
Forums Veteran II
AndyDufresne
Posts: 2,745
Registered: ‎04-01-2008

Re: Easier solution to the Send As problem

Options

‎04-01-2008 07:36 PM

This is a bad idea. ... You should follow both RIM's and Microsoft's recommendation.
------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
Report Inappropriate Content
Message 4 of 9 (10,557 Views)
Reply
0 Likes
Please use plain text.
 
BlackBerry Technical Advisor
BlackBerry Technical Advisor
TheOracle
Posts: 79
Registered: ‎04-01-2008

Re: Easier solution to the Send As problem

Options

‎04-01-2008 09:39 PM

The supported solution to this problem has been available from both Microsoft and RIM for quite a while. I recommend sticking with what has been published by both Microsoft and RIM, as the workaround provided by the original poster includes the side affect mentioned by some of the subsequent posters.

 

Here is the link to the information published by RIM:

http://www.blackberry.com/sendas

Report Inappropriate Content
Message 5 of 9 (10,518 Views)
Reply
0 Likes
Please use plain text.
 
rekraine
New Contributor
rekraine
Posts: 4
Registered: ‎04-02-2008

Re: Easier solution to the Send As problem

Options

‎04-02-2008 09:10 PM

walk through for this : link
Report Inappropriate Content
Message 6 of 9 (10,435 Views)
Reply
0 Likes
Please use plain text.
 
Trusted Contributor
DigitalFrog
Posts: 249
Registered: ‎04-01-2008
My Carrier: Telus

Re: Easier solution to the Send As problem

Options

‎04-03-2008 06:08 PM

Nope, you misread - you add the User's name to the send on behalf of.  So you put John Doe in the send on behalf of list for John Doe.  It seems odd, but it works like a charm.

 

I do agree that user accoutns and admin accounts should be kept separate, as Microsoft recommends, but when that is not possible or preferred, this seems to fix the issue.

posted by DigitalFrog
________________________________
WARNING: May contain traces of nuts.
Report Inappropriate Content
Message 7 of 9 (10,401 Views)
Reply
0 Likes
Please use plain text.
 
BlackBerry Technical Advisor
BlackBerry Technical Advisor
TheOracle
Posts: 79
Registered: ‎04-01-2008

Re: Easier solution to the Send As problem

Options

‎04-04-2008 11:30 AM

DigitalFrog wrote:

Nope, you misread - you add the User's name to the send on behalf of.  So you put John Doe in the send on behalf of list for John Doe.  It seems odd, but it works like a charm.

 

I do agree that user accoutns and admin accounts should be kept separate, as Microsoft recommends, but when that is not possible or preferred, this seems to fix the issue.

Unfortunately though, this solution is not scalable when you have thousands of users. It's greatly appreciated that you have posted an alternate method of working through the problem but the preferred choice should be the one that is recommended by both vendors.
Report Inappropriate Content
Message 8 of 9 (10,367 Views)
Reply
0 Likes
Please use plain text.
 
gmanslater
New Contributor
gmanslater
Posts: 7
Registered: ‎04-27-2008

Re: Easier solution to the Send As problem

Options

‎04-28-2008 01:28 PM

I agree that the published way works and is the supported/approved method. So best to use. But I think this is where you are missing the point:

TheOracle wrote:

Unfortunately though, this solution is not scalable when you have thousands of users. ...

You don't change AdminSDHolder for "thousands of users" (hopefully - if so you really have issues) only protected accounts. This would be a good TEMP fix for a few admin accounts until the preferred solution (i.e. not using a mail-enabled protected account) could be properly implemented.

 

 

Report Inappropriate Content
Message 9 of 9 (10,157 Views)
Reply
0 Likes
Please use plain text.