Send on Behalf Of for user in Trusted Domain

General discussion of using Adaxes for Active Directory management and administration
Post Reply
HarryNew
Posts: 15
Joined: Mon Sep 04, 2017 12:37 am

Send on Behalf Of for user in Trusted Domain

Tue May 21, 2019 2:53 am

Hello,

we have a forest with two trees that hold one domain each. There is a default tree-root trust (transitive, two-way) between the top domains. Since both trees are in the same forest they share the same global catalog and schema. The relevant exchange mailboxes and most users are held in the forest root domain (lets call it tree-root-1). Less then 5% of the users are held in the other tree-root domain (lets call it tree-root-2).

We configured a button in Adaxes to manage the "Send on behalf of" and "Full Access" properties in Exchange. We used the built-in functionality from Adaxes. The buttons work fine. there is just one problem: If we try to give a user from tree-root-2 "Send on Behalf of" permissions to a mailbox in tree-root-1 we fail, because the 'Look-In" box in the web interface will not allow us to choose anything but tree-root-1 (the forest root domain). When using the "Full-Access" button the "Look-In" box allows us to chose between "Everywhere" and tree-root-1.

Please also see the two attached pictures.

Where can we configure the "Send on Behalf of" function to also use "Everywhere" in the Look-In box?

Thank you for your suggestions!
HarryNew
Attachments
SendOnBehalfOf.jpg
SendOnBehalfOf.jpg (19.92 KiB) Viewed 301 times
FullAccess.jpg
FullAccess.jpg (20.25 KiB) Viewed 301 times

User avatar
Support
Site Admin
Posts: 2349
Joined: Thu Apr 23, 2009 2:28 am

Re: Send on Behalf Of for user in Trusted Domain

Tue May 21, 2019 9:54 am

Hello Harry,

The Send on behalf privilege can be granted only to the users located in a domain that has parent-child Trust Type with the domain of the user being updated. Unfortunately, there is no other possibility. This is an Exchange restriction, not Adaxes.
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

HarryNew
Posts: 15
Joined: Mon Sep 04, 2017 12:37 am

Re: Send on Behalf Of for user in Trusted Domain

Thu Jun 06, 2019 8:35 am

Hello Support,

thank you for your answer. I talked to our Exchange Admins and they do not agree to your answer. Using the Exchange GUIs they can give a user in Tree-root-2 "Send-On-Behalf" permissions to a mailbox in Tree-Root-1. So this is not an Exchange limitation.

In fact, as an AD administrator, I would not see why a tree-root-trust would be different from a parent-child-trust in this question. Both types of trusts connect domains within the same forest. The trust are transitive and two-way. The only difference is, that a separate tree-root allows the usage of a different naming scheme.

Do you have any other ideas why we cannot search for users in the other domain?

Regards
HarryNew
Attachments
ExchangeGuiExample.jpg
ExchangeGuiExample.jpg (114.67 KiB) Viewed 186 times

User avatar
Support
Site Admin
Posts: 2349
Joined: Thu Apr 23, 2009 2:28 am

Re: Send on Behalf Of for user in Trusted Domain

Fri Jun 07, 2019 9:38 am

Hello Harry,

Sorry for the confusion. Could you, please, confirm that the values of the Forest name field in the properties of the domains registered in your Adaxes service are same? To check the values:
  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your Adaxes service node.
  3. Expand Active Directory section.
  4. Right-click the domain which should be checked.
  5. In the context menu, click Properties.
    Domain.properties.png
    Domain.properties.png (17.52 KiB) Viewed 150 times
  6. On the General tab, check the value of the Forest name field.
    Domain.properties.general.png
    Domain.properties.general.png (10.41 KiB) Viewed 150 times
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

HarryNew
Posts: 15
Joined: Mon Sep 04, 2017 12:37 am

Re: Send on Behalf Of for user in Trusted Domain

Wed Jun 12, 2019 7:40 am

Hello Support,

I just checked our system. We have two domains listed under "Active Directory" and they both show the same forest name in "Properties of..."

Maybe I should add that we are using Adaxes 2017.2 (Version 3.8.14823.0).

Regards
HarryNew

User avatar
Support
Site Admin
Posts: 2349
Joined: Thu Apr 23, 2009 2:28 am

Re: Send on Behalf Of for user in Trusted Domain

Fri Jun 14, 2019 6:21 am

Hello Harry,

Thank you for the clarification. We will try to reproduce the issue in our testing environment and will get back to you as soon as a solution is ready.
Active Directory Identity Management

Follow Adaxes in social networks
Image Image Image

Post Reply
  • Information
  • Who is online

    Users browsing this forum: Bing [Bot] and 2 guests