How to add the Send As permission to an Active Directory Distribution List that was once (or still is) a member of a protected group
Applies to: Cayosoft Administrator 10.3 or later.
Summary: This article contains step-by-step instructions for adding the Send As permission to an Active Directory Distribution List that was once (or still is) a member of a protected group.
Issue
If you add a user as a Send As delegate to a Distribution List that was once (or still is) a member of a protected group, you will get this error:
Active Directory operation failed on <computer.domain.com>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152DB2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.
Overview
If a user or a group is a member of an Active Directory protected group, the SDProp process, which runs every hour, makes the following changes to that user or group (learn more in Protected Accounts and Groups in Active Directory - SDProp):
- The adminCount attribute is set to 1.
- Inheritance is disabled in the object's Access Control List.
After that, it is impossible to add a user as a Send As delegate to the Distribution List using AD native tools or the Web Portal.
Resolution
1. Remove the Distribution List from the protected group, clear the adminCount attribute and restore defaults for the Advanced Security Settings.
   a. In ADUC, open Distribution List Properties > Member Of.
   b. Remove the Distribution List from protected groups.
   c. In ADUC, open Distribution List Properties > Attribute Editor.
   d. Double-click the adminCount attribute, and clear it.
   e. Save changes.
   f. Open Distribution List Properties > Security > Advanced.
   g. In Advanced Security Settings, click Restore Defaults.
   h. Save changes.
2. Add the Send As permission manually in ADUC.
   a. In ADUC, open Distribution List Properties > Security > Advanced.
   b. Click Add.
   c. Click Select Principal and specify the user who should receive the Send As permission.
   d. Scroll down the Permissions and Properties list and click Clear All.
   e. Go back to the Permissions list and check Send As.
   f. Click OK.
   g. Save changes.
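The following read-only PowerShell check is an added example, not part of the original article or of Cayosoft's tooling. It reports the conditions named in the Overview (adminCount, disabled inheritance), any adminCount-flagged groups that still contain the list, and who currently holds Send As, so the state can be confirmed before and after the steps above. The group name Sales-DL and the ReadyForSendAs field are hypothetical, and the script assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example: read-only pre/post check; it makes no changes to the directory.
# Assumes the RSAT ActiveDirectory module. 'Sales-DL' is a placeholder group name.
param([string]$GroupName = 'Sales-DL')

Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# rightsGuid of the Send-As extended right in the AD schema
$sendAs = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'

$dl = Get-ADGroup -Identity $GroupName -Properties adminCount
$dn = $dl.DistinguishedName

# Escape the DN for use inside an LDAP filter (backslash must be replaced first).
$dnF = $dn -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'

# Heuristic: groups flagged adminCount=1 that contain the list directly or through
# nesting (matching rule 1.2.840.113556.1.4.1941 walks the membership chain).
# A stale adminCount on a formerly protected group also shows up here, so review the list.
$flaggedParents = @(Get-ADGroup -LDAPFilter "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dnF))")

# The AD: drive is provided by the ActiveDirectory module.
$acl = Get-Acl -Path "AD:\$dn"

# Existing Allow ACEs that grant the Send-As extended right on this object.
$sendAsAces = @($acl.Access | Where-Object {
    $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $_.ObjectType -eq $sendAs -and
    $_.AccessControlType -eq 'Allow'
})

[pscustomobject]@{
    Group               = $dn
    AdminCount          = $dl.adminCount
    InheritanceDisabled = $acl.AreAccessRulesProtected
    FlaggedParentGroups = $flaggedParents.Name -join '; '
    SendAsTrustees      = $sendAsAces.IdentityReference.Value -join '; '
    # Hypothetical summary flag: true only when none of the Overview conditions apply.
    ReadyForSendAs      = (-not $dl.adminCount) -and
                          (-not $acl.AreAccessRulesProtected) -and
                          ($flaggedParents.Count -eq 0)
}
```

If FlaggedParentGroups is not empty, the list may still be protected through nesting, in which case SDProp can set adminCount and disable inheritance again on its next run.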