Delegate can't send on behalf of after migration to Microsoft 365 hybrid environment
Original KB number: 4039613
Symptoms
If your mailbox is migrated to Exchange Online and add a delegate who has the mailbox in the on-premises environment, the delegate can't send emails on behalf of you with the mailbox in Exchange Online. The folder access and meeting invite-forwarding rule work as expected.
Cause
This issue occurs because the publicDelegates attribute (GrantSendOnBehalfTo) is not currently written back to the on-premises Active Directory Domain Services. This is by default.
Resolution
To automatically write back the send on behalf (publicDelegates) attribute, the user must enable the Microsoft Entra Connect Exchange hybrid deployment settings and must be running version 1.1.553 or a later version. For more information, see the following articles:
As a workaround, an administrator can manually add the send on behalf permission by using Remote PowerShell. To do this, run the following cmdlet:
Set-MailUser UserSMTPAddress -GrantSendOnBehalfTo DelegateSMTPAddress
After this permission is manually added, the delegate will be able to send on behalf of the user.
For Microsoft 365 dedicated/ITAR users only:
If you migrate from a legacy dedicated environment to Microsoft 365, you have to add the send on behalf permission manually. The values are not automatically written back to the dedicated users who moved their mailboxes to vNext.
You can use the following options:
Option 1
Administrators who are a member of the SSA-SE-RemoteMailbox role group can run the following cmdlet:
Set-RemoteMailbox <mailbox> -GrantSendonBehalfTo <delegate>
Option 2
You can submit a request to Microsoft Support to add the GrantSendOnBehalfTo permission to the remote mailbox.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for