"The Delegates settings were not saved correctly" when you try to add a user to Exchange Server 2013 from Microsoft Outlook

Symptoms

When you try to add a user (delegate access) to Exchange Server 2013 from Microsoft Outlook, you receive the following error message: 

The Delegates settings were not saved correctly. Cannot activate send-on-behalf-of list. You do not have sufficient permissions to perform this operation on this object.

Cause

This issue occurs because the MyMailboxDelegation role was not added during deployment of Exchange Server 2013.

Resolution

Cumulative update information

For Exchange Server 2013

To resolve this issue, install Cumulative Update 14 for Exchange Server 2013 or a later cumulative update for Exchange Server 2013.

More Information

To work around this issue, create a new role group which has permissions to enable and add delegates from Outlook. To do this, follow these steps:

  1. Create a new child role from the parent role "User Options" by using the following statement:

    New-ManagementRole -Name "MyMailboxdelegation" -Parent "user options"

  2. Include only those parameters which are required such as in the following example:

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Set-Mailbox" -Parameters     SimpleDisplayName, RoomMailboxPassword, DisplayName, Password, OldPassword, NewPassword, AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, DeliverToMailboxAndForward, ErrorAction, ErrorVariable, ExternalOofOptions, ForwardingAddress, ForwardingSmtpAddress, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable -RemoveParameter -Confirm:$false

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Get-Mailbox" -Parameters Database, Arbitration, RemoteArchive, Monitoring, PublicFolder -RemoveParameter -Confirm:$false

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Set-Mailbox" -Parameters Identity –AddParameter -Confirm:$false

  3. Remove all other role entries such as in the following example:

    Get-ManagementRoleEntry MyMailboxdelegation\* | ? {$_.Name -ne "set-mailbox" -and $_.Name -ne "get-mailbox"} | Remove-ManagementRoleEntry -Confirm:$false

  4. Create a new role group by assigning the child role that you created in step 1 as in the following example:

    New-RoleGroup MailBoxDelegation -Roles MyMailboxdelegation

  5. You are ready with the new role group MyMailboxdelegation. Next, add the user who should be able to grant Delegate + Send On Behalf rights to the role group that you created in step 4 as in the following example:

    Add-RoleGroupMember MailBoxDelegation -Member "user_alias"

    Note You can also add members from Active Directory Users and Computers snap-in, click Microsoft Exchange Security Groups.

 

Properties

Article ID: 3132513 - Last Review: Sep 20, 2016 - Revision: 1

Feedback