How to configure Helpdesk mailbox and delegate send behalf of rights to Distribution Group

Scenario:

Business needs to create mailbox called helpdesk to keep track of new helpdesk e-mail. The helpdesk consist of several team members and they all need to monitor helpdesk mail box and also send mail as helpdesk mailbox while the members logged into their own workstation.

If you like to download this document please click here

Steps:

Use GUI EMC (Console) to create desired mailboxes.

1. Helpdesk@telnet25.org ( mailbox)
   
2. Tier1@telnet25.org (mail enabled Universal Distribution Group) the reason why we are creating DL is to make all helpdesk team members to make a member of this DL called Tier1. This will give us ability to assign proper right to the Group and simply manage the rest of the operations by adding users in it.
   

Reference

Adding mailbox permission "helpdesk" for user "Tier1" with access rights "'FullAccess'

Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Removing mailbox permission "helpdesk" for user "Tier1" with access rights "'FullAccess'"

Remove-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Adding Active Directory permission "helpDesk" for user "Tier1" with access rights "'all'".

Add-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

Remove-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

Add-ADPermission helpDesk -ExtendedRights all -User Tier1

Removing Active Directory permission "helpDesk" for user "Tier1" with access rights "'all'".

Remove-ADPermission helpDesk -ExtendedRights all -User Tier1

Adding Active Directory permission "helpDesk" for user "Tier1" with access rights "'send-as'".

This also adds send as rights on the Helpdesk mailbox for Tier 1 Group. Initially if you go to exchange server and open EMC, find the Helpdesk mail enables user account, right click, pick send as permissions and assign it to Tier1 Group, you will notice the AD object will get the same effects and send as right will be give to Tier1 group on Helpdesk object. Below command achieves same results from EMS.

Add-ADPermission helpDesk -ExtendedRights send-as -User Tier1

Removing Active Directory permission "helpDesk" for user "Tier1" with access rights "'send-as'".

This also removes send as rights on the Helpdesk mailbox for Tier 1 Group

Remove-ADPermission helpDesk -ExtendedRights send-as -User Tier1

Finally we will set Grand Send on Behalf right to Tier1 group for helpdesk mailbox.

Set-DistributionGroup -Identity Tier1 -GrantSendOnBehalfTo Helpdesk

Another example assigning Grand Send on behalf right to another mail enabled user.

Set-Mailbox –ID HelpDesk –GrantSendOnBehalfTo Someuser

Remove-MailboxPermission -ID helpdesk -User Tier1 -AccessRights FullAccess

Step one:

Make sure you have already created helpdesk mail box as well as mail enabled group called Tier1 (Change the names as you wish). Also make sure you have added appropriate members into Tier1 mail enabled group.

• Open EMS
  
• Type or copy & paste below command.
  
• As you can see after this command is issues, members of Tier1 Group will be able to bring helpdesk mailbox as additional mailbox on to their outlook shown below.
  

Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Adding Mailbox Permission, we mailbox called Helpdesk and Mail Enabled Universal Security Group called Tier1. The command below will add Full access rights to Helpdesk for Tier1 Mail Enabled Universal Security Group.

Note: If your account is member of Tier1 Group you will be able to log in to outlook as yourself and by going properties of your mailbox (where your name appears within the outlook) and add Helpdesk mailbox as second mailbox to your own, so that you can monitor it.

This is also useful to troubleshoot a user problem, assign the rights to yourself and Plug the trouble mailbox to your own and when you are done remove the rights.

• Properties
  
• Advance
  
• Advance
  
• Click Add
  
• Type the name of the mailbox (Helpdesk)
  
• Click Ok two times to get out
  
  

  
  Remember this does not grand the Tier1 Group send as helpdesk mailbox and most likely the person who monitors this mailbox will need ability to "send as" Helpdesk while they logged in as themselves. If you try to send mail as if coming from helpdesk you will receive
  

• 
  

"You don't have the permission to send the message on behalf of the specific user"

Step 2:
AD Send as Permission ON AD object as well as Mailbox itself

Add-ADPermission helpdesk -ExtendedRights send-as -user tier1

Remove AD Send as permission.

Remove-ADPermission helpdesk -ExtendedRights receive-as -user tier1

Note: This command will modify AD Object permissions for helpdesk mailbox as well as Exchange mailbox rights as it is shown below windows.

To see AD rights from command line

Get-ADPermission HelpDesk fl

Step 3

Easiest way is to login to any workstation as Helpdesk. Configure Outlook mapi profile for HelpDesk.

Within the outlook

• Tools
  
• Options
  
• Delegates
  
• Click Add
  
• Add Tier1 Group and give Proper permissions
  

  
  

Note:

Note: remember we are assigning Send behalf rights to a mail enabled Group in this example

• Use following cmdlet to assign Send behalf rights to a mail enabled Group
• Set-DistributionGroup -Identity Tier1 -GrantSendOnBehalfTo Helpdesk

• Use below cmdlet to verify that the mailbox permissions
• Get-MailboxPermission -Identity HelpDesk -User Tier1

Oz ozugurlu

Oz ozugurlu MVP (Exchange)

MCITP (EMA), MCITP (EA) MCITP (SA),

MCSE (M+, S+) MCDST,

Security+, Server +, Project+

Blog: smtp25.blogspot.com

Blog: telnet25.wordpress.com