Replace Dell PERC H310 to H710 Raid Controller without losing data

Download PDF

I have successfully upgraded Dell PERC H310 Raid Controller with H710 without losing any data. The process was very simple, pretty much plug and play. Before the upgrade I tried to consult with the Dell techs, but they had no idea about the process and its outcome since apparently no one ever had a need to do it, but me. Well, i guess I am a pioneer now 🙂

To assure everyone it really works, I took a video, watch bellow.

Any questions feel free to ask.

1. Remove the old PERC H310 card

old_perc_h310_in_server_large        old_perc_h310_in_server

 

2. Insert new PERC H710 (make sure to plug in the SAS connectors)

perc_h710_box        perc_h710_in_server

3. Watch the video.

How To Setup Server 2012 as a Domain Controller

Download PDF

OVERVIEW

In Windows Server 2012, dcpromo has been deprecated.

dcpromo-deprecated-ws2012-1

In order to make the windows server 2012 domain controller we will install ADDS (Active Directory Domain Services) role from the server manager on Windows Server 2012.

First we will change the server name let say server2012dc and  the IP address 10.10.21.1 (try to avoid using default 192.168.0.1)

renamecomp

renamecomp-1

INSTALLING AD DS ROLE

adds

“Before You Begin” screen provides you basic information such as configuring strong passwords, IP addresses and Windows updates.

adds-011

On Installation Type page, select the first option “Role-based or Feature-based Installation“.

Scenario-based Installation option applied only to Remote Desktop services.

adds-021

On the “Server Selection” Page, select a server from the server pool and click next.

adds-031

To install AD DS, select Active Directory Domain Services in turn it will pop-up to add other AD DS related tools. Click on Add Features.

adds-041

After clicking “Add Features” above, you will be able to click “Next >” as shown in the screen below.

adds-051

On the “Select Features” Page, Group Policy Management feature automatically installed during the promotion. Click next.

adds-061

On the “Active Directory Domain Services” page, it gives basic information about AD DS. Click Next.

adds-071

On the “Confirmation” Page, You need to confirm this to continue with this configuration. It will provide you an option to export the configuration settings and  also if you want the server to be restarted automatically as required.

adds-081

After clicking “Install” the selected role binaries will be installed on the server.

adds-091

After “Active Directory Domain Services” role binaries have been installed and now it is time to promote the server to a Domain Controller.

adds-0101

 

PROMOTING WINDOWS 2012 SERVER TO DOMAIN CONTROLLER

To create a new AD forest called “ArabITPro.local”, select add a new forest.

adds-0112

Type the name ArabITPro.local

adds-0122

Specify the FFL, DFL, whether or not it should be a DNS Server and also the DSRM administrator password. As you can see, it has selected the GC option by default and you cannot deselect it. The reason for this is that is the very first DC of the AD forest and at least one needs to be a GC.

adds-0132

DNS delegation warning.

adds-0142

Checks the NetBIOS name already assigned.

adds-015

Specify the location of the AD related folders and then click next.

adds-016

Summary Of All Installation Options/Selections.

adds-017

Click View script for single command  line PowerShell script for dcpromo.

adds-018

Before the actual install of AD, all prerequisites are checked. If All prerequisite checks are passed successfully then click Install.

adds-019

When you click Install, DNS and the GPMC are installed automatically.

adds-020

After the promotion of the server to a DC finished server restart automatically.

Once the server is booted and you logon to it, click on  Server Manager | Tools ,  will notice that following have been installed :

•   Active Directory Administrative Center
•   Active Directory Domains and Trusts
•   Active Directory Module for Windows PowerShell
•   Active Directory Sites and Services
•   Active Directory Users and Computers
•   ADSI Edit
•   DNS
•   Group Policy Management

adds-022

original tutorial – Microsoft

 

Can’t create files on the C drive of Windows 8 A required privilege is not held by the client

Download PDF

A required privilege is not held by the client when you try to create a file or folder on the c drive of Windows 8.

Do not turn UAC off from Windows 8 control panel.

Instead, go to registry and do the following:

  1. Press keys “Windows Key + R”, type regedit
  2. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  3. Update the EnableLUA value to 0 (turn if off)
  4. Restart Windows.

 

Tested, works 🙂

Yet again, thanks Microsoft for a great OS!

How to fix: Hotmail & Gmail mark me as SPAM – Be careful! This sender failed our fraud detection checks.

Download PDF

If your emails keep going to people’s “Junk” or “Spam” folders on either GMAIL or HOTMAIL this is how to fix it:

GMAIL, HOTMAIL and many other public email systems use Sender Policy Framework (SPF) to recognize legit senders.

If you do not have a valid SPF Record in place, your emails won’t pass the security check and will me marked as SPAM.

 

1. You need to access your Hosting Control Panel, where the domain in question is hosted. In our case we use cPanel.

cpanel

2. Find DNS Zone Editor icon (either Simple or Advanced)

dns_editor

3. Chose the domain you want to add the records to and add the following details

add_txt_record

 

v=spf1 ip4:ipaddress/24 -all

v=spf1 a mx include:serverhostname.com ~all

v=spf1 +a +mx +ip4:ipaddress ?all

 

First option is to use the public ip address /24 in that subnet

Second option uses the server FQDN no matter what the IP is

Third option uses the public ip address regardles of subnets

 

Second option us usually the most correct option since it uses a FQDN regardles of it’s public IP address..

 

Hope this helps 🙂

If any questions feel free to comment or private message me.

 

 UPDATE 04.10.2013.

SPF Record Generator

By Microsoft, works great.

 

\Device\Ide\iaStor0 did not respond within the timeout period – Intel RAID

Download PDF

UPDATE 21.09.2013.

DO THIS FIRST.

power-1

 

power-2

 

power-3

 

ALSO, check this out:

http://www.intel.com/support/chipsets/imsm/sb/CS-025783.htm

*********************************************************************************************************************************

ONLY DO THIS IF THE TOP DOESNT WORK.

1. First, check if your hard drive(s) support “Link Power Management (LPM)”. This error usually appears on drives that do not support LPM, “feature described by the Serial ATA specification to overcome the power demand of a high-speed serial interface, SATA and providing the capability of SATA at the minimum power cost.”

 

2. If your drives do not support LPM we can disable it, since default is enabled. To disable LPM selectively by port go to,  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Portn\

where n represents the port number, starting from 0. Within each of those keys are the following DWORD values:

LPM: 0 (disable) or 1 (enable); default = enable
LPMSTATE: 0 (partial), 1( slumber); default = disable; ignored when LPM = 0
LPMDSTATE: 0 (partial), 1 (slumber); default = enable
DIPM: 0 (disable), 1 (enable); default = enable

Capture

 

Change the states on all SATA ports, restart the computer.

Hopefully this helps.

Dell PERC H310 slow performance

Download PDF

Do not buy Dell PERC H310 raid controller no matter what.

Thanks to our Dell account and sales manager we ended up with one. He made a mistake during the ordering process, bless him.

So instead of H710 we got this H310 rubbish.

UPDATE 26.10.2013 >>>>

http://blog.osmicro.org/replace-dell-perc-h310-h710-without-losing-data/

 

We have 2x 300GB SAS drives runing in RAID 1 and we have 5x 2TB SAS drives in RAID 5.

RAID 1 works sort of ok, but RAID 5 was so slow, it took 4 days for the RAID Controller to do it’s first initialisation. During that time, RAID 5 was so slow it was impossible to work with.

After the initial initialisation was complete, i intended to install few virtual machines on it. It took more then 2.5 hours to install Windows Server 2008 R2 vm!! Not to mention if you try to install 2 at the same time it bluescreens..

A total joke..

But what kills me, PERC H310 still comes as an available option during server build, even though Dell acknowledges it is not to be used with anything other then RAID 1 (max 500GB size).

Dell has agreed to send us a new PERC H710 replacement for free (pff like i would agree on anything less then that).. Once it arrives I will try to migrate to it without breaking the RAID arrays. Will see what happens..

UPDATE 26.10.2013 >>>> http://blog.osmicro.org/replace-dell-perc-h310-h710-without-losing-data/

 

In the mean time, the poor server stays offline..

 

Server Del PERC H310

Hyper-V – VSS Snapshot (Online Backup) of Server 2012 or Windows 8 Virtual Machine puts in saved state

Download PDF

If you are running a Hyper-v Role on Server 2008 R2 (not tested on Hyper-v 2012) and you have a Windows 8 or Server 2012 running as guest OS (virtual machine) you may have a problem when trying to execute a VSS backup snapshot of the whole server (including its VMs). For example using Windows Server Backup or Acronis or Storage Craft Shadow Protect etc.

It will do the backup, but while doing it, it will put above mentioned virtual machines into “Saved” state, making them unusable during the backup process.

The Windows 8 or Windows server 2012 guest needs to have scoped VSS snapshots turned off in order to support online backups. This is a new feature apparently in Win8/2012 and the default is enabled.

Implement this registry key on EACH Windows 8 or Windows 2012 guest to resolve the issue.  You must add a key called SystemRestore, then add a value called ScopeSnapshots as follows.

Run>regedit>HKLM\Software\Microsoft\Windows NT\CurrentVersion\ > create key SystemRestore > Create DWORD ScopeSnapshots > value 0

scopesnapshots

Server 2008 R2 Hyper-V : Windows 8 and Server 2012 Virtual Machines freeze and crash

Download PDF

I you are running Hyper-V role on Server 2008 R2 Service Pack 1 or Server 2008 (SP2 not supported) and you decide to install Windows 8 or Server 2012 as a virtual machine you must install an official Microsoft patch found here: http://support.microsoft.com/kb/2744129

 

Details:

Symptoms

Assume that you have the Hyper-V server role installed on a computer that is running Windows Server 2008 or Windows Server 2008 R2. You create a virtual machine that is running Windows 8 or Windows Server 2012 on the computer. However, you experience one or more of the following issues:

  • The virtual machine stops responding.
  • You receive a Stop error message, and the computer restarts. This behavior stops all running virtual machines together with the computer.

Cause

The issue occurs because the Hypervisor does not handle the one-shot synthetic timer correctly.Note The one-shot synthetic timer is also known as the aperiodic timer.

Resolution

Update information

How to obtain this update

Microsoft Update

This update is available from the following Microsoft Update website:

http://update.microsoft.com
Microsoft Download Center

The following files are available for download from the Microsoft Download Center:

Operating system Update
All supported x64-based versions of Windows Server 2008

Download

Download the update package now.

All supported x64-based versions of Windows Server 2008 R2

Download

Download the update package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running one of the following operation systems. Additionally, you must have the Hyper-V server role installed.

  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Service Pack 1 (SP1)

For more information about how to obtain a Windows Vista or Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

968849 How to obtain the latest service pack for Windows Vista and for Windows Server 2008

For more information about how to obtain a Windows 7 or Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update replaces the hotfix that is described in Microsoft Knowledge Base (KB) article 2526776. For more information about KB article 2526776, click the following article number to view the article in the Microsoft Knowledge Base:

2526776 An update that enables Windows 8 or Windows Server 2012 to be hosted in a Hyper-V virtual machine on Windows Server 2008 R2
———————————
Ref:

Sharepoint 2013 Search “No Results” crawler issue

Download PDF

Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has “Full Read” permissions on the SharePoint Web Application being crawled.

My self hosted Microsoft Sharepoint 2013 search results were coming up with “No results”. Above message is what i found in my Crawler Logs.

Crawler Content was set properly but the crawler does come with Access Denied when trying to crawl my Site using my “Internet” URL (http://sharepoint.123.com). My “Default” URL seem to crawl fine (http://192.168.0.x). My FQDN (“Internet”) is my primary access URL and if crawler is not able to access it, we will not be able to search.

The problem is in “LoopBackRequest” (loopback check).

When the search engine tried to crawl the content using the http://sharepoint.123.com URL, the server will reject the request. because, it will take the request as “LoopBackRequest“.

There are 2 ways of fixing this issue:

BEFORE YOU CONTINUE, MAKE SURE “CONTENT SOURCES” IN “CENTRAL ADMINISTRATION>SEARCH SERVICE APPLICATION>CONTENT SOURCES” IS CONFIGURED PROPERLY

METHODS BELLOW WORK 100%, IF YOU STILL HAVE A PROBLEM THERE IS A DIFFERENT ISSUE OR YOU ARE MISSING SOMETHING. Comment bellow and I will let try to help

Method 1: Specify host names (Preferred method if NTLM authentication is desired)

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Set the
    DisableStrictNameChecking

    registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then clickOK.
  8. Quit Registry Editor, and then restart the IISAdmin service.

 

Method 2: Disable the loopback check (less-recommended method)

The second method is to disable the loopback check by setting the DisableLoopbackCheck registry key.

To set the DisableLoopbackCheck registry key, follow these steps:

  1. Set the
    DisableStrictNameChecking

    registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer.

 

Exchange Outlook Online – Give Users Send As Permissions

Download PDF

STEP 1

 

Install and Configure Windows PowerShell

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2010-05-18

 


Before you can use Windows PowerShell, make sure you have the correct versions of Windows PowerShell and Windows Remote Management (WinRM) installed and configured on your computer. You have to use the Windows Management Framework, which contains the correct versions of Windows PowerShell v2 and WinRM 2.0.

If your computer is running Windows 7 or Windows Server 2008 R2, you don’t have to install anything. The Windows Management Framework is already installed.

You can download and install the Windows Management Framework if your computer is running one of the following operating systems:

  • Windows Vista Service Pack 1 (SP1) or SP2
  • Windows Server 2008 SP1 or SP2
  • Windows Server 2003 SP2
  • Windows XP SP3

Let’s get started:

  1. Uninstall previous versions of Windows PowerShell from your computer.
  2. Uninstall previous versions of WinRM from your computer.
  3. Install the Windows Management Framework.
  4. Verify that Windows PowerShell can run scripts.
  5. Verify that WinRM allows Windows PowerShell to connect.

 


Before you can install the Windows Management Framework, you have to uninstall any existing versions of Windows PowerShell.

Note   This step isn’t required for Windows 7 or Windows Server 2008 R2.

Uninstall Windows PowerShell from Windows Vista


  1. In Control Panel, in Programs, open Programs and Features, and uninstall any instances of Windows PowerShell that appear in the installed programs list. For example, the Community Technology Preview (CTP) version of Windows PowerShell v2 may appear as Windows PowerShell (TM) V2.
  2. Under Tasks, select View installed updates and uninstall any instances of Windows PowerShell that appear in the installed updates list. For example, Windows PowerShell V1 may appear as a Windows update with one of the following Microsoft Knowledge Base article numbers:
    • KB928439
    • KB923569

Uninstall Windows PowerShell from Windows Server 2008


  1. Start Server Manager and go to Features.
    1. Click Uninstall Features.
    2. Select Windows PowerShell and follow the directions to uninstall.
  2. In Control Panel, in Programs, open Programs and Features, and uninstall any instances of Windows PowerShell that appear in the installed programs list.
  3. Under Tasks, select View installed updates. Uninstall any instances of Windows PowerShell that appear in the installed updates list.

Top of page

Uninstall Windows PowerShell from Windows Server 2003 and Windows XP


  1. In Control Panel, open Add or Remove Programs, and uninstall any instances of Windows PowerShell that appear in the installed programs list.
  2. In Add or Remove Programs, select Show updates. Uninstall any instances of Windows PowerShell that appear in the installed updates list. For example, Windows PowerShell V1 may appear as a Windows update with the Knowledge Base article number KB926139.

Top of page

 


Before you can install the Windows Management Framework, you must uninstall any existing versions of WinRM.

Note   This step isn’t required for Windows 7 or Windows Server 2008 R2.

Uninstall WinRM from Windows Vista or Windows Server 2008


  1. In Control Panel, in Programs, open Programs and Features, and uninstall any instances of Windows Remote Management that appear in the installed programs list.
  2. Under Tasks, select View installed updates. Uninstall any instances of Windows Remote Management that appear in the installed updates list. For example, the Community Technology Preview (CTP) of WinRM 2.0 may appear as WindowsRemoteManagement with one of the following Knowledge Base article numbers:
    • KB936059
    • KB950099

Uninstall Windows PowerShell from Windows Server 2003 and Windows XP


  1. In Control Panel, open Add or Remove Programs, and uninstall any instances of Windows Remote Management that appear in the installed programs list.
  2. In Add or Remove Programs, select Show updates. Uninstall any instances of Windows Remote Management that appear in the installed updates list. For example, WinRM might appear as a Windows update with the Knowledge Base article number KB936059.

Top of page

 


  • Download and install the Windows Management Framework. Choose the package that includes Windows PowerShell v2 and WinRM 2.0, and that applies to your operating system, system architecture, and language.
    After you install WinRM and Windows PowerShell, configure the software to work correctly as described in the next steps.
    Note   If your local computer is protected by a Microsoft Internet Security and Acceleration (ISA) server, you may have to install the Windows Firewall Client or configure a proxy server on your local computer to connect Windows PowerShell to the cloud-based service. For more information, see Windows PowerShell: FAQs for Administrators.

Top of page

 


  1. Click Start > All Programs > Accessories > Windows PowerShell.
  2. Do one of the following to open Windows PowerShell:
    • If you’re running Windows Vista, Windows 7, or Windows Server 2008 R2, right-click Windows PowerShell and select Run as administrator. If you get a user account control prompt that asks if you would like to continue, respond Continue.
    • If you’re running Windows XP or Windows Server 2003, click Windows PowerShell.
  3. Run the following command:

    Get-ExecutionPolicy
  4. If the value returned is anything other than RemoteSigned, you need to change the value to RemoteSigned.
    Note   When you set the script execution policy to RemoteSigned, you can only run scripts that you create on your computer or scripts that are signed by a trusted source.

Enable scripts to run in Windows PowerShell


In Windows PowerShell session you just opened as an administrator, run the following command:

Set-ExecutionPolicy RemoteSigned

Top of page

 


  1. Click Start > All Programs > Accessories.
  2. Do one of the following to open a command prompt:
    • If you’re running Windows Vista, Windows 7, or Windows Server 2008 R2, right-click Command Prompt and select Run as administrator. If you get a user account control prompt that asks if you would like to continue, respond Continue.
    • If you’re running Windows XP or Windows Server 2003, click Command Prompt.
  3. At the command prompt, run the following commands:

    net start winrm
    winrm get winrm/config/client/auth

    Note   If the WinRM service is already running, you don’t have to start it. You can check the status of the WinRM service by running the command sc query winrm.

  4. In the results, look for the value Basic = . If the value is Basic = false, you must change the value to Basic = true.
    Note   If you started the WinRM service, and you don’t need to change the Basic value, run the command net stop winrm to stop the WinRM service.

Configure WinRM to support basic authentication


  1. At the command prompt you just opened as an administrator, run the following commands. The value between the braces { } is case-sensitive:

    winrm set winrm/config/client/auth @{Basic="true"}
  2. In the command output, verify the value Basic = true.
    Note   If you started the WinRM service, run the command net stop winrm to stop the WinRM service.

STEP 2

Connect Windows PowerShell to the Service

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2013-01-24

After you have installed and configured Windows PowerShell and Windows Remote Management (WinRM) on your computer, you have to connect the Windows PowerShell on your local computer to the cloud-based service to perform tasks in your cloud-based organization.

When you start Windows PowerShell, you’re in the Windows PowerShell session of your local computer. A session is an instance of Windows PowerShell that contains all the commands that are available to you.

The Windows PowerShell session of your local computer, called the client-side session, has only the basic Windows PowerShell commands available to it. By connecting to the cloud-based service, you connect to the Microsoft datacenter’s server environment, called the server-side session. This contains the commands used in the cloud-based service.

Before you begin


Before you connect, make sure you have the correct version of Windows PowerShell and WinRM installed and configured on your computer. For more information, see Install and Configure Windows PowerShell.

Verify that the account you will use to make the connection is authorized to connect by using Windows PowerShell. For more information, see Control Users’ Access to Windows Remote Management.

Connect Windows PowerShell on your local computer to the cloud-based service


  1. Click Start, point to All Programs, click Accessories, click Windows PowerShell, and then click Windows PowerShell.
  2. Run the following command:

    $LiveCred = Get-Credential
  3. In the Windows PowerShell Credential Request window, type the credentials of an account in your cloud-based organization. Then, click OK.
  4. Run the following command:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    noteNote:
    The AllowRedirection parameter enables cloud-based organizations in datacenters all over the world to connect Windows PowerShell to the cloud-based service by using the same URL.
  5. Run the following command:

    Import-PSSession $Session

    Commands that are used in the cloud-based service will now be imported into the client-side session of your local computer, as tracked by a progress bar. When this process is complete, you can run these commands.

Disconnect Windows PowerShell from the cloud-based service


When you’re finished using the server-side session, always disconnect Windows PowerShell by running the following command:

Remove-PSSession <session variable>

For example, to disconnect from the server-side session that is defined by the $Session variable, run the following command:

Remove-PSSession $Session

Important   If you close the Windows PowerShell window without disconnecting from the server-side session, your connection will remain open for 15 minutes. Your account can have only three connections to the server-side session at one time.

STEP 3

Give Users Send As Permission

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-03-19

Send As permission, also known as SendAs permission, gives a user permission to use another recipient’s e-mail address in the From address. For example, when you give the user Chris Send As permission on the mailbox of a user named Michelle, Chris can send e-mail messages that appear to be sent by Michelle, with no indication to the recipient that anyone other than Michelle sent the message. Or, if your organization uses a Help Desk distribution group, you can give Help Desk staff Send As permission on the Help Desk distribution group. That way, replies to messages sent to the Help Desk group appear to come from the group instead of an individual Help Desk technician.

To give a user Send As permission, you use Windows PowerShell.

Before you begin


  • To learn how to install and configure Windows PowerShell and connect to the service, see Use Windows PowerShell in Exchange Online.
  • The Send As permission is different than the Send on Behalf permission. If the user Chris has Send on Behalf permission on Michelle’s mailbox, when Chris sends an e-mail as Michelle, the From address shows Chris on behalf of Michelle. Microsoft Outlook users can configure Send on Behalf permissions on their own mailbox using delegates. Administrators can configure Send on Behalf permissions on any recipient type using the GrantSendOnBehalfTo parameter.
  • Want more information about parameters? See An explanation of parameters.
Give a user Send As permission


Run the following command:

Add-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

For example, to give the user named Ayla Kol Send As permission for the Help Desk mailbox , run the following command:

Add-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"

Ayla can now send messages that appear to come directly from the Help Desk mailbox.

Note   By default, you are asked to confirm the addition of the Send As permission. To skip the confirmation prompt, use -Confirm:$false.

View Send As permissions


Use the Get-RecipientPermission cmdlet to display all the Send As permissions configured in your organization. You can filter the list to show Send As permissions granted to a specific user and to see the Send As permission on a specific recipient.

View Send As permission for a specific user


Run the following command:

Get-RecipientPermission - Trustee <user>

For example, to list the recipients for whom the user named Kim Akers has Send As permission, run the following command:

Get-RecipientPermission -Trustee "Kim Akers"

Kim can send messages that appear to come directly from the recipients.

View Send As permission on a specific recipient


Run the following command:

Get-RecipientPermission <identity>

For example, to list the users who have Send As permission on the Help Desk mailbox, run the following command:

Get-RecipientPermission "Help Desk"

The users listed can send messages that appear to come directly from the Help Desk mailbox.

View all Send As permissions you’ve configured in your organization


Run the following command:

Get-RecipientPermission | where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'null sid')}

Note   The filter hides the automatic Send As permission that allows a user to send messages from their own mailbox, and also any results from system objects like mailbox plans.

Revoke Send As permission


Run the following command:

Remove-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

For example, to revoke Ayla Kol’s Send As permission for the Help Desk mailbox, run the following command:

Remove-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"

Now Ayla can’t send messages that appear to come directly from the Help Desk mailbox.

To skip the confirmation prompt, use -Confirm:$false.

How people use the Send As permission


Individual users or members of security groups with Send As permission can open their own mailboxes and send messages using the From address of the recipient.

Send As permission doesn’t give a user access to another user’s mailbox. To give an individual or members of a security group access to a mailbox, use the following command:

Add-MailboxPermission <mailbox> -User <user or security group> -AccessRights FullAccess

When you give someone access to a mailbox and Send As permission on the mailbox, that person can open the mailbox using their own credentials, compose new messages, and reply to messages in the mailbox.

An explanation of parameters


You use the Add-RecipientPermissionRemove-RecipientPermission, and Get-RecipientPermission cmdlets to add, remove and view Send As permissions. These cmdlets use the same basic parameters:

  • Identity   This parameter specifies the target recipient. The user or group specified by the Trustee parameter can operate on this recipient.
    You can specify any type of recipient. For example:

    • Mailboxes
    • Mail users
    • External contacts
    • Distribution groups
    • Dynamic distribution groups

    The Identity parameter is a positional parameter. The first argument on a cmdlet is assumed to be the Identity parameter when no parameter label is specified. This lets you specify the parameter’s value without specifying the parameter’s name. For example, instead of typing, Get-RecipientPermission -Identity "Kim Akers" you can type, Get-RecipientPermission "Kim Akers".

  • Trustee   This parameter specifies the user or group to whom you’re granting the permission. This allows the user or group to operate on the recipient specified by the Identity parameter.
    You can specify the following types of users or groups:

    • Mailbox users
    • Mail users with a user account
    • Security groups

For the Identity and Trustee parameters, you can use any value that uniquely identifies the recipient.

For example:

  • Alias
  • Distinguished name (DN)
  • GUID
  • Name
  • Display name
  • LegacyExchangeDN
  • E-mail address