Exchange 2010: How to Grant Send on Behalf Permissions for a Distribution Group

Posted: 29 May 2013 in Exchange

In some Exchange 2010 environments it is desirable to allow users to send email on behalf of a distribution group. However, unlike for mailboxes, the Exchange Management Console doesn’t provide an option to grant this permission.

Note: this tutorial is for “send on behalf” permissions. If you’re looking for “send as” permissions go here instead.

To enable send on behalf permissions for a distribution group you need to use the Exchange Management Shell. Launch the shell and use the Set-DistributionGroup command to set the permissions, for example:

Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo alan.reid

Alan Reid can now use the From field in an Outlook message to send on behalf of the Sales Team group.

Sending on Behalf of a Distribution Group

This is what the message will look like for the recipient.

A message sent on behalf of a distribution group

If they reply to the message it will go to the Sales Team distribution group, not the individual sender.

Replies go to the distribution group, not the individual sender

Alternatively, you can grant the send on behalf permission to all members of the group, which can save on administrative effort over time if all group members should be allowed to send on behalf of the group they are in.

Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo "Sales Team"

Adding Additional Users or Groups to Send on Behalf Permissions

It is important to realise though that this setting is easy to overwrite if you try to add another user or group when there is already one that has been granted send on behalf permissions.

To demonstrate, here is the distribution group with the Sales Team granted send on behalf permissions.

[PS] C:\>Get-DistributionGroup "Sales Team" | fl name,grant*

Name                : Sales Team
GrantSendOnBehalfTo : {exchangeserverpro.net/Company/Groups/Sales Team}

Now if I use the same command as shown earlier to grant another group send on behalf permissions, it overwrites the existing setting instead of appending it.

[PS] C:\>Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo "Branch Office Team"

[PS] C:\>Get-DistributionGroup "Sales Team" | fl name,grant*

Name                : Sales Team
GrantSendOnBehalfTo : {exchangeserverpro.net/Company/Groups/Branch Office Team}

Instead we need to use a different method to add additional users or groups to the send on behalf permissions.

First, read the existing settings into a variable.

[PS] C:\>$a = Get-DistributionGroup "Sales Team"

Next, read the new group into a second variable.

[PS] C:\>$b = Get-DistributionGroup "Branch Office Team"

If you were adding an individual user you would just use Get-User instead of Get-DistributionGroup.

Then, append the distinguished name of the second group into the GrantSendOnBehalfTo value from the first group.

[PS] C:\>$a.GrantSendOnBehalfTo += $b.DistinguishedName

Finally, set the new value on the first group.

[PS] C:\>Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

You can see that both the Sales Team and Branch Office Team now have send on behalf permissions to the Sales Team distribution group.

[PS] C:\>Get-DistributionGroup "Sales Team" | fl name,grant*

Name                : Sales Team
GrantSendOnBehalfTo : {exchangeserverpro.net/Company/Groups/Sales Team,
exchangeserverpro.net/Company/Groups/Branch Office Team}

Removing Users or Groups from Send on Behalf Permissions

To remove one of the users or groups from having send on behalf permissions we use a similar process as we used to add them.

First, read the current setting into a variable.

[PS] C:\>$a = Get-DistributionGroup "Sales Team"

You can now see the distinguished names of the users or groups that currently have permissions.

[PS] C:\>$a.GrantSendOnBehalfTo | fl distinguishedname

DistinguishedName : CN=Sales Team,OU=Groups,OU=Company,DC=exchangeserverpro,DC=net

DistinguishedName : CN=Branch Office Team,OU=Groups,OU=Company,DC=exchangeserverpro,DC=net

Remove the one that you don’t want any more.

[PS] C:\>$a.GrantSendOnBehalfTo -= "CN=Branch Office Team,OU=Groups,OU=Company,DC=exchangeserverpro,DC=net"

Now apply the new setting to the distribution group.

[PS] C:\>Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

You can see that the Branch Office Team has been removed from the send on behalf permissions.

[PS] C:\>Get-DistributionGroup "Sales Team" | fl name,grant*

Name                : Sales Team
GrantSendOnBehalfTo : {exchangeserverpro.net/Company/Groups/Sales Team}
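The add and remove procedures above are the same read, modify, write sequence, so they can be wrapped in one function that also checks afterwards that no existing delegate was overwritten. This is an added example, not code from the original post; the function name Update-SendOnBehalf and its parameters are hypothetical, and it assumes the Exchange Management Shell with rights to modify the group.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Update-SendOnBehalf is a hypothetical helper name.
function Update-SendOnBehalf {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Group,  # group being sent on behalf of
        [string[]]$Add = @(),                          # users or groups to grant
        [string[]]$Remove = @()                        # users or groups to revoke
    )
    $target = Get-DistributionGroup $Group -ErrorAction Stop

    # Resolve every name to a distinguished name; Get-Recipient covers users and groups.
    $addDn    = @($Add    | ForEach-Object { (Get-Recipient $_ -ErrorAction Stop).DistinguishedName })
    $removeDn = @($Remove | ForEach-Object { (Get-Recipient $_ -ErrorAction Stop).DistinguishedName })

    # Snapshot the current delegates before changing anything.
    $before = @($target.GrantSendOnBehalfTo | Where-Object { $_ } |
        ForEach-Object { $_.DistinguishedName })

    # Desired list = (current + additions) minus removals, duplicates dropped.
    $wanted = @(($before + $addDn) | Where-Object { $removeDn -notcontains $_ } |
        Select-Object -Unique)

    if ($PSCmdlet.ShouldProcess($target.Name, "GrantSendOnBehalfTo = $($wanted -join ' | ')")) {
        # An empty list is written as $null, as in the article's "remove all" command.
        $value = $null
        if ($wanted.Count -gt 0) { $value = $wanted }
        Set-DistributionGroup $target.DistinguishedName -GrantSendOnBehalfTo $value -ErrorAction Stop

        # Re-read the group; a delegate that vanished without being in -Remove was overwritten.
        $after = @((Get-DistributionGroup $target.DistinguishedName).GrantSendOnBehalfTo |
            Where-Object { $_ } | ForEach-Object { $_.DistinguishedName })
        $lost = @($before | Where-Object { ($removeDn -notcontains $_) -and ($after -notcontains $_) })
        if ($lost.Count -gt 0) { Write-Warning "Unexpectedly dropped: $($lost -join ' | ')" }

        New-Object PSObject -Property @{ Group = $target.Name; Before = $before; After = $after }
    }
}

# Preview the change first, then run again without -WhatIf to apply it.
Update-SendOnBehalf -Group "Sales Team" -Add "Branch Office Team" -WhatIf
```

The re-read can briefly return the old list if a different domain controller answers before replication completes, so a warning immediately after a change is worth confirming with a second Get-DistributionGroup.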

Finally, if you want to remove all send on behalf permissions from a group you can run this command.

[PS] C:\>Set-DistributionGroup "Sales Team" -GrantSendOnBehalfTo $null

[PS] C:\>Get-DistributionGroup "Sales Team" | fl name,grant*

Name                : Sales Team
GrantSendOnBehalfTo : {}
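Because one Set-DistributionGroup call can silently replace the whole list, and a grant to a group extends to all of its members, it helps to review who currently holds send on behalf rights across every distribution group. The report below is an added example, not code from the original post; the function name Get-SendOnBehalfReport and its output columns are hypothetical.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Get-SendOnBehalfReport is a hypothetical helper name.
function Get-SendOnBehalfReport {
    # Collect the groups first: calling another Exchange cmdlet while this one is
    # still streaming fails in the remote shell with a concurrent-pipeline error.
    $groups = @(Get-DistributionGroup -ResultSize Unlimited)

    foreach ($group in $groups) {
        foreach ($entry in @($group.GrantSendOnBehalfTo | Where-Object { $_ })) {
            $dn = $entry.DistinguishedName

            # A delegate that no longer resolves is a stale entry worth cleaning up.
            $recipient = Get-Recipient $dn -ErrorAction SilentlyContinue
            $type = 'Unresolved'
            if ($recipient) { $type = "$($recipient.RecipientType)" }

            New-Object PSObject -Property @{
                Group        = $group.Name
                Delegate     = $dn
                DelegateType = $type
                # True when the grant is to a group, so it reaches every member.
                ViaGroup     = ($type -like '*Group*')
                # True when the group is granted to itself (all members may send).
                SelfGrant    = ($dn -eq $group.DistinguishedName)
            } | Select-Object Group, Delegate, DelegateType, ViaGroup, SelfGrant
        }
    }
}

# One row per group/delegate pair; groups with no delegates produce no rows.
Get-SendOnBehalfReport | Sort-Object Group, Delegate | Format-Table -AutoSize
```

Saving the output with Export-Csv before and after a change gives a record to compare if a delegate list is later found to have been overwritten.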
