I still see quite a few posts in the various newsgroups, forums and mailing lists that I participate in asking for clarification on how to send messages such that they appear to come from another user, distribution group or even a public folder. In particular, there is usually some confusion surrounding the difference between the Send As and Send on Behalf of permissions. Hopefully this article will clear a few things up.
The example that I usually like to use is one of a manager/assistant relationship, where the assistant has to send messages either directly as the manager, or on behalf of the manager. Let’s look at the first scenario where the assistant has to send messages directly as the manager.
Being able to send messages directly as the manager means that the recipient of the message will think that the manager has sent the message, even though it was actually the assistant that sent it. The key to achieving this process is the Send As permission. This is an Active Directory permission that is granted by the system administrator; it cannot be granted from within Outlook. To grant the Send As permission, the administrator needs to perform the following steps:
- Run the Active Directory Users and Computers snap-in.
- Click the View menu and then make sure that the Advanced Features option is selected. This will make sure you see the Security tab referenced later in step 4.
- Locate the relevant user account, in this case the manager’s user account, and bring up its properties.
- Go to the Security tab and click the Add button.
- Add in the assistant’s account that you’d like to send as the manager and make sure that you grant the assistant’s account the Send As right. This is shown in Figure 1.
Figure 1: Granting Send As Rights
Making these changes will allow the assistant to use the From field in Outlook and choose the manager’s mailbox as the sending mailbox. This is shown below in Figure 2. If you don’t see the From field when composing a new message in Outlook, click the View / From Field option in the new message window. This applies to Outlook 2003. For Outlook 2007 (beta 2 for this article), you’ll find the Show From button on the Options tab of the ribbon.
Figure 2: Using Outlook’s From Field
However, it’s important to note that it can take a while, possibly up to two hours, for the permissions changes to take effect which has proved to be the source of much frustration amongst Exchange administrators. Once the permissions changes have been made and the Outlook From field completed, it’s quite common for the assistant to receive a non-delivery report just after sending the message. These non delivery reports will look like the sample one shown below in Figure 3:
Figure 3: Permissions Failure Non-Delivery Report
Of course, the key wording above is the line that reads You do not have permission to send to this recipient. Is it possible to speed up this permissions change process? Well, I haven’t been able to get someone from Microsoft to confirm this, but I believe it’s possible via the Mailbox Cache Age Limit registry key documented in KB article 327378. The KB article mentions changing the Mailbox Cache Age Limit registry key, which according to the article is used to re-read logon quota information. In my experience, modifying this key (or creating it if it doesn’t exist) with a suitable value, in minutes, speeds up the permissions change process. Note that you must restart the Information Store service after modifying this registry key. The general consensus of opinion here is not to make this value too low; a sensible value is 15 minutes. The alternative to creating or modifying this registry key is to simply re-start the Information Store service, which appears to make the permissions changes take effect immediately. Of course, restarting the Information Store service is rarely practical during business hours and you may also not prefer to go poking around in the registry, so you can also choose to wait for the permissions to be re-read at the next interval, which, as stated earlier, could be up to 2 hours.
Once the permissions have been granted and successfully taken effect, the assistant can send the message as normal. What does the recipient of the message actually see? Quite simply, the recipient will not be able to tell that it was the assistant who actually sent this message as it will appear just as if the manager had sent it. We’ll talk about another method, the Send on Behalf of method, a little later in this article.
Sending as a Group or Public Folder
Administrators often ask how they can send as a distribution group, or even a public folder. One of the most common applications of this scenario is where an organization creates a helpdesk-style distribution group, meaning that multiple users receive messages addressed to the distribution group. It’s then typically a requirement that these users send messages so that they appear to come from the distribution group rather than from the individual members of the group. The good news is that the Send As permission works for these objects too. To send as a distribution group, the steps are identical to those that I detailed earlier, the only difference being that you’d obviously need to locate the distribution group and bring up its properties, rather than a user account. An example of this is shown below in Figure 4, where my own user account has been granted the Send As rights for the IT Consultants distribution group.
Figure 4: Send As a Distribution Group
Of course, it’s also possible to send as a public folder. In this case, the steps are a little different but the concept is the same. The steps are:
- Run the Exchange System Manager snap-in.
- Under the relevant administrative group, navigate to Folders / Public Folders and then find the relevant public folder that you’d like to send messages as.
- Bring up the properties of the folder and go to the Permissions tab.
- Click the Directory Rights button and then add your chosen user account as before, making sure that the Send As right has been granted.
- If the Directory Rights button is not available, make sure that the public folder is mail-enabled. This can be done by first right-clicking the public folder in Exchange System Manager, then choosing All Tasks / Mail Enable.
- Back in the properties of the public folder, switch to the Exchange Advanced tab and make sure that the Hide from Exchange address lists option is not selected, otherwise you won’t be able to locate the folder when clicking the From button in Outlook.
Send On Behalf Of
Now let’s go back to our manager/assistant example and consider the scenario where the manager requires the assistant to send email messages on their behalf, making sure that the recipient knows that the assistant has indeed sent the message on behalf of the manager. To achieve this, Outlook’s delegate access feature can be used.
The important difference between delegate access and the Send As permission that I covered earlier in this article is that the delegate access feature can be set by the user or by the administrator. Therefore, in our example, the manager can set delegate access by choosing Tools / Options from within Outlook and then choosing the Delegates tab. Figure 5 shows how this looks.
Figure 5: Delegate Access Tab
Clicking the Add button will then allow the manager to choose their assistant that will act as the delegate from the Global Address List (GAL). Once the assistant has been chosen, the Delegate Permissions window is displayed, an example of which is shown in Figure 6. Here you can see that the assistant has been given Editor permissions by default to the Calendar and Tasks folders, but not the Inbox folder. Therefore, the next thing to do is to ensure the assistant also has Editor permissions against the manager’s Inbox folder. Once done, this will allow the assistant to send messages on behalf of the manager.
Figure 6: Default Delegate Permissions Window
Another way to set delegate access can be performed by the Exchange administrator. This can be performed via the following series of steps:
- Run the Active Directory Users and Computers snap-in.
- Locate the relevant user, in this case the manager’s user account, and bring up its properties.
- Go to the Exchange General tab and click the Delivery Options button.
- In the Send on behalf area, click the Add button and add in the assistant’s account that you’d like to send on behalf of the manager. This is shown below in Figure 7.
Figure 7: Administrator Granting Send On Behalf Of
Once delegate access has been set, the assistant can now use the From field in Outlook as previously shown in Figure 2 above. The difference is how the message recipient sees the sender of the message. You’ll remember from earlier in the article that if the administrator grants direct Send As rights, the message will be shown as if it was sent directly by the manager. With the Send on Behalf of permission, the recipient will see that the message has been sent by the assistant on behalf of the manager. This is shown in Figure 8.
Figure 8: ‘Send on Behalf of’ Sample Message
Another useful thing that I want to mention is that it’s worth noting here what happens when the recipient replies to this message. In Figure 8 above, if I reply to the message the reply will be addressed to the manager and not the assistant. If the assistant wishes replies to go back to them, the assistant needs to make use of the Have replies sent to: option when composing the original message. This is shown in Figure 9.
Figure 9: Setting The Reply Destination
Finally, note that it’s also possible to send on behalf of a public folder. This option can be found by bringing up the properties of the public folder in Exchange System Manager, clicking the Exchange General tab, and then clicking the Delivery Options button.
Sending messages either directly as another user, or on behalf of another user, is an extremely useful feature of Exchange and Outlook and no doubt one that is used widely within most organizations. Add onto that the ability to do the same with distribution groups and public folders and you have increased flexibility when choosing how you wish recipients to view the sender of the message. Also, don’t overlook the ability for users themselves to choose who can send messages on their behalf.