17958: How to run the ApplySendAsPermission tool to setup the "Send As" permission for the GoodAdmin Service Account

Article ID: 17958
Date: 13 March 2007

Title: How to run the ApplySendAsPermission tool to setup the "Send As" permission for the GoodAdmin Service Account

Fact: Send As permission tool instructions:

The ApplySendAsPermission tool will programatically grant a specified domain user with the MS Exchange "Send As" permission in Active Directory at the domain level. Download the ApplySendAsPermission.exe file to a host logged in with a domain administrative account.

To download the ApplySendAsPermission tool, click here. Launch a command prompt and change to the directory where the ApplySendAsPermission tool is located.

USAGE: ApplySendAsPermission -g GoodAdmin_User [-d domainname] [-h]

-g - This parameter is mandatory. Enter name of Good Administrator account.
-d - This parameter is optional. Enter domain name Good Administrator is part of. If this argument is missing, domain which this computer belongs to is used.
-h - This parameter is optional. Displays command line help.

When this tool is executed using a domain account with administrative rights, the following is an example of the expected output.

C:\>applysendaspermission -g goodadmin

Good Administrator name entered: goodadmin
Getting domain info..

Domain name: theforce.good.com
Binding to Active Directory..

Binding to Active Directory succeeded.

User SID: S-1-5-21-3957203072-2364427385-1485341125-1524

Granting 'Send As' permission to: theforce\goodadmin.

'Send As' permission successfully granted to Good Administrator.

C:\>

If this tool is executed using an account that does not have sufficient administrative permission in Active Directory, an error will be displayed. For example:

C:\>applysendaspermission -g testuser

Good Administrator name entered: testuser
Getting domain info..

Domain name: theforce.good.com
Binding to Active Directory..

Binding to Active Directory succeeded.

Granting 'Send As' permission to: theforce\testuser.

Failed to update security descriptor. Error: 80070539

Failed to grant Good Administrator 'Send As' permission. Error:80070539

C:\>

Once the "Send As" permission is set properly, it can be verified by checking the goodadmin account permissions in Active Directory.

/body>