The delegates settings were not saved correctly. Cannot activate send-on-behalf-of-list. You do not have sufficient permission to perform this operation on this object.
Role Based Access Control was introduced by Microsoft in Exchange 2010. Within Exchange 2013 Microsoft prolonged this feature for a good reason. It simplifies assigning permissions for users in the email environment. Assign a role or permission to the Exchange policy where users are a member of and these users receive the new permissions they need to do their job, for example:
- Edit distribution lists
- Edit delegate permissions
At a customer site who migrated from Exchange 2007 to Exchange 2013, users that owned a shared mailbox could no longer set delegate permissions.
The issue was solved by delegating the RBAC role “MyMailboxDelegation” to the “Default Role Assignment Policy”, this policy was used by all users. Next I applied the correct AD permission to the shared mailbox to actually grant a specific user the permissions to set the Send-On-Behalf-Of permission on the shared mailbox. Follow the below steps:
1. Check if the new role is delegated to the Organization Management Role group if the assignment is there and the type is “DelegatingOrgWide”. To do this run the following command:
Get-ManagementRoleAssignment -Role MyMailboxDelegation | fl name,RoleAssignmentDelegationType
2. If the “delegation” assignment is available proceed by assigning it to your appropriate “Role Assignment Policy”, by running the following command:
New-ManagementRoleAssignment -Name ‘Mymailboxdelegation-Default Role Assignment policy’ -Role “Mymailboxdelegation” -Policy “Default Role Assignment Policy
3. Now the mailbox manager must be granted Active Directory permissions to write “Personal-Information” on the shared mailbox, so that the “publicDelegate” attribute could be changed:
Add-ADPermission “Delegated Mailbox” -User “UserwithFullMailboxAccess” -AccessRights WriteProperty -Properties Personal-Information
4. The mailbox owner is now able to configure the calendar delegation without any error messages.