Additional Active Directory permissions required to change mailbox in on-premises Exchange

Symptoms

If you create a Distribution Group on one Microsoft Exchange Server, you cannot assign send-as or receive-as permissions to the group using the Add-ADPermission cmdlet from other Exchange Servers. You may encounter one of the following messages:

Copy

Active Directory operation failed on <computer.domain.com>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : 5557AD82,Microsoft.Exchange.Management.RecipientTasks.AddADPermission

Copy

Active Directory operation failed on <DC name>. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03152857, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Resolution

Please read the following Microsoft article for the resolution: Access denied when you try to give user "send-as" or "receive as" permission for a Distribution Group in Exchange Server.

CayosoftAdministratorProduction.4.log-1174102284.zip
40 KB Download

Articles in this section

Additional Active Directory permissions required to change mailbox in on-premises Exchange

Additional Active Directory permissions required to change mailbox in on-premises Exchange

Symptoms

Resolution

Comments

Articles in this section

Additional Active Directory permissions required to change mailbox in on-premises Exchange

Symptoms

Resolution

Related articles