Hello,

I have a 2016 on premises Exchange environment. One domain, one forest.
I am trying to add a domain user to a distribution group with “Send As” permissions and I am getting the following error:

Couldn’t resolve the user or group “User Name.” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

These distribution groups were moved from a previous version of exchange server 2013. However, this symptom occurs even with newly created groups on the 2016 server environment. I have no issues adding a user with “Send As” permissions to a mailbox. This only happens with distribution groups.

Thanks

Hi,

Do these distribution groups been moved from the previous version Exchange server?

What’s the command you used to assign the Send As permission and Send On Behalf permission?

You can try to run the following command to assign the send as permission of the distribution group to the user:

Add-ADPermission -Identity -User -ExtendedRights “Send As”

Note that the Identity parameter requires you to use the Name or DistinguishedName value of the group, you can get the value through the following command:

Get-Recipient -Identity | FL Name,DistinguishedName

You can also try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully:
Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

Hi,

What’s the exact version of your Exchange server?

Have you typed the correct email address of the distribution group on “From” when sending mails?

Please check if the Send As permission has been assgined successfully with the following command:

Get-ADPermission -Identity <GroupName> | where {$_.ExtendedRights -like 'Send*'} | Format-Table -Auto User,Deny,ExtendedRights

If the permission is assigned successfully, you can try to restart the Exchange Information Store service from services page, then test if you still get this error:

image858×585 90 KB

Thanks

You can also try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully:
Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

Thanks

Hi @afzal,

If you still need the help on this issue please follow the below steps:

Issue Symptom

The environment is Exchange 2016, one domain and one forest.

When try to add a user to a distribution group with Send As permissions through ECP and Powershell, would get the error: Couldn’t resolve the user or group. If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

Try with multiple distribution groups and multiple user accounts but all scenarios would get this error.
But there is no issue when adding a user with Send As permission to a mailbox.

Suggestions

Try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully: Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

If you add the permission successfully, but get error when send message with this permission, please check if the Send As permission has been assgined successfully:

Get-ADPermission -Identity <GroupName> | where {$_.ExtendedRights -like 'Send*'} | Format-Table -Auto User,Deny,ExtendedRights

If the permission is assigned successfully, you can try to restart the Exchange Information Store service from services page, then test again.

Thanks

Configuring “send as” permissions is not difficult at all in the Windows active directory server. You can do this in two ways to grant the permissions.

• Grant send as permissions to a mailbox user (eg, Grant Afzal permission to send as “Payroll Team”)
• Grand send as permissions to a universal security group (eg grant “Payroll Team Leaders” permission to send as “Payroll Team”)

Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, and then tick the Send As box and apply the change. This way you can grant the permissions by using Active Directory Users & Computers.