Tech

Couldn't resolve the user or group "User Name." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

Hello,

I have a 2016 on premises Exchange environment. One domain, one forest.
I am trying to add a domain user to a distribution group with “Send As” permissions and I am getting the following error:

Couldn’t resolve the user or group “User Name.” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

These distribution groups were moved from a previous version of exchange server 2013. However, this symptom occurs even with newly created groups on the 2016 server environment. I have no issues adding a user with “Send As” permissions to a mailbox. This only happens with distribution groups.

Thanks

2 Likes

Hi,

Do these distribution groups been moved from the previous version Exchange server?

What’s the command you used to assign the Send As permission and Send On Behalf permission?

You can try to run the following command to assign the send as permission of the distribution group to the user:

Add-ADPermission -Identity -User -ExtendedRights “Send As”

Note that the Identity parameter requires you to use the Name or DistinguishedName value of the group, you can get the value through the following command:

Get-Recipient -Identity | FL Name,DistinguishedName

You can also try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully:
Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

3 Likes

Hi,

What’s the exact version of your Exchange server?

Have you typed the correct email address of the distribution group on “From” when sending mails?

Please check if the Send As permission has been assgined successfully with the following command:

Get-ADPermission -Identity <GroupName> | where {$_.ExtendedRights -like 'Send*'} | Format-Table -Auto User,Deny,ExtendedRights

If the permission is assigned successfully, you can try to restart the Exchange Information Store service from services page, then test if you still get this error:

Thanks

1 Like

You can also try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully:
Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

Thanks

2 Likes

Hi @afzal,

If you still need the help on this issue please follow the below steps:

Issue Symptom

The environment is Exchange 2016, one domain and one forest.

When try to add a user to a distribution group with Send As permissions through ECP and Powershell, would get the error: Couldn’t resolve the user or group. If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

Try with multiple distribution groups and multiple user accounts but all scenarios would get this error.
But there is no issue when adding a user with Send As permission to a mailbox.

Suggestions

Try to add the permission from Active Directory Users and Computers, test if the permission could be added successfully: Start Active Directory Users and Computers>>check Advanced Features from View>>find the related group from OU and right-click>>choose properties>>security tab>>add the user and choose the send as permission>>OK

If you add the permission successfully, but get error when send message with this permission, please check if the Send As permission has been assgined successfully:

Get-ADPermission -Identity <GroupName> | where {$_.ExtendedRights -like 'Send*'} | Format-Table -Auto User,Deny,ExtendedRights

If the permission is assigned successfully, you can try to restart the Exchange Information Store service from services page, then test again.

Thanks