"Send on behalf" and two forests

Discussion:

(too old to reply)

2008-12-08 14:26:43 UTC

UserA logs in to DomainA. He can access his mailbox fine.

UserA then logs in as UserB in Domain B. Domain A and Domain B are in
separate forests, with a two-way external trust set up. Exchange 2000 is
installed in Domain A, Exchange 2007 is installed in Domain B.

The user wants to access his UserA mailbox while logged in as UserB.
UserB has been given full access rights to UserA's mailbox. Reading email is
fine.

When trying to send email, Outlook gives a message that UserB cannot send on
behalf of UserA. If the DomainA admin tries to add UserB's mailbox to the
Send On Behalf list, the result is an error:
"A constraint violation occurred. Facility: LDAP provider. ID no: 8007202f.
Microsoft Active Directory - Exchange Extension."

How to fix?

Many thanks

Pete

Lanwench [MVP - Exchange]

2008-12-08 14:31:27 UTC

Permalink

Post by PM
UserA logs in to DomainA. He can access his mailbox fine.
UserA then logs in as UserB in Domain B. Domain A and Domain B are in
separate forests, with a two-way external trust set up. Exchange 2000
is installed in Domain A, Exchange 2007 is installed in Domain B.
The user wants to access his UserA mailbox while logged in as UserB.
UserB has been given full access rights to UserA's mailbox. Reading
email is fine.
When trying to send email, Outlook gives a message that UserB cannot
send on behalf of UserA. If the DomainA admin tries to add UserB's
8007202f. Microsoft Active Directory - Exchange Extension."
How to fix?
Many thanks
Pete

Grant UserB 'send as' rights to User A's mailbox. Or just configure Outlook
for User B so that it prompts for credentials, and connects using User A's
credentials.

2008-12-09 08:56:09 UTC

Permalink

Post by Lanwench [MVP - Exchange]

Grant UserB 'send as' rights to User A's mailbox.

Thanks - that worked! I missed that setting because it is not in the
Exchange tabs.

Pete

Lanwench [MVP - Exchange]

2008-12-10 00:44:49 UTC

Permalink

Post by PM

Post by Lanwench [MVP - Exchange]

Post by PM
UserA logs in to DomainA. He can access his mailbox fine.
UserA then logs in as UserB in Domain B. Domain A and Domain B are
in separate forests, with a two-way external trust set up. Exchange
2000 is installed in Domain A, Exchange 2007 is installed in Domain
B.
The user wants to access his UserA mailbox while logged in as UserB.
UserB has been given full access rights to UserA's mailbox. Reading
email is fine.
When trying to send email, Outlook gives a message that UserB cannot
send on behalf of UserA. If the DomainA admin tries to add UserB's
8007202f. Microsoft Active Directory - Exchange Extension."
How to fix?
Many thanks
Pete

Grant UserB 'send as' rights to User A's mailbox.

Thanks - that worked! I missed that setting because it is not in the
Exchange tabs.
Pete

Which one, just out of curiosity? I'd personally go for 'option B' and have
Outlook prompt the user for credentials. Keeps things simpler.

2008-12-10 09:54:00 UTC

Permalink

Post by Lanwench [MVP - Exchange]

Post by PM

Post by Lanwench [MVP - Exchange]

Post by PM
UserA logs in to DomainA. He can access his mailbox fine.
UserA then logs in as UserB in Domain B. Domain A and Domain B are
in separate forests, with a two-way external trust set up. Exchange
2000 is installed in Domain A, Exchange 2007 is installed in Domain
B.
The user wants to access his UserA mailbox while logged in as
UserB. UserB has been given full access rights to UserA's mailbox.
Reading email is fine.
When trying to send email, Outlook gives a message that UserB
cannot send on behalf of UserA. If the DomainA admin tries to add
8007202f. Microsoft Active Directory - Exchange Extension."
How to fix?
Many thanks
Pete

Grant UserB 'send as' rights to User A's mailbox.

Thanks - that worked! I missed that setting because it is not in the
Exchange tabs.
Pete

Which one, just out of curiosity? I'd personally go for 'option B'
and have Outlook prompt the user for credentials. Keeps things
simpler.

Grant UserB 'send as' rights to User A's mailbox.

This is the best option for me because we're moving our whole system to a
new forest, there will be a period of time when the users log in to the new
domain/forest but Exchange is still on the old system.

Lanwench [MVP - Exchange]

2008-12-10 14:44:46 UTC

Permalink

Post by Lanwench [MVP - Exchange]

Post by PM

Post by Lanwench [MVP - Exchange]

Post by PM
UserA logs in to DomainA. He can access his mailbox fine.
UserA then logs in as UserB in Domain B. Domain A and Domain B are
in separate forests, with a two-way external trust set up.
Exchange 2000 is installed in Domain A, Exchange 2007 is
installed in Domain B.
The user wants to access his UserA mailbox while logged in as
UserB. UserB has been given full access rights to UserA's mailbox.
Reading email is fine.
When trying to send email, Outlook gives a message that UserB
cannot send on behalf of UserA. If the DomainA admin tries to add
UserB's mailbox to the Send On Behalf list, the result is an
error: "A constraint violation occurred. Facility: LDAP provider.
ID no: 8007202f. Microsoft Active Directory - Exchange Extension."
How to fix?
Many thanks
Pete

Grant UserB 'send as' rights to User A's mailbox.

Thanks - that worked! I missed that setting because it is not in the
Exchange tabs.
Pete

Which one, just out of curiosity? I'd personally go for 'option B'
and have Outlook prompt the user for credentials. Keeps things
simpler.

Grant UserB 'send as' rights to User A's mailbox.
This is the best option for me because we're moving our whole system
to a new forest, there will be a period of time when the users log in
to the new domain/forest but Exchange is still on the old system.

OK - gotcha.