Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


When you try to add a user (delegate access) to Exchange Server 2013 from Microsoft Outlook, you receive the following error message: 

The Delegates settings were not saved correctly. Cannot activate send-on-behalf-of list. You do not have sufficient permissions to perform this operation on this object.


This issue occurs because the MyMailboxDelegation role was not added during deployment of Exchange Server 2013.


Cumulative update information

For Exchange Server 2013

To resolve this issue, install Cumulative Update 14 for Exchange Server 2013 or a later cumulative update for Exchange Server 2013.

More Information

To work around this issue, create a new role group which has permissions to enable and add delegates from Outlook. To do this, follow these steps:

  1. Create a new child role from the parent role "User Options" by using the following statement:

    New-ManagementRole -Name "MyMailboxdelegation" -Parent "user options"

  2. Include only those parameters which are required such as in the following example:

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Set-Mailbox" -Parameters     SimpleDisplayName, RoomMailboxPassword, DisplayName, Password, OldPassword, NewPassword, AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, DeliverToMailboxAndForward, ErrorAction, ErrorVariable, ExternalOofOptions, ForwardingAddress, ForwardingSmtpAddress, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable -RemoveParameter -Confirm:$false

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Get-Mailbox" -Parameters Database, Arbitration, RemoteArchive, Monitoring, PublicFolder -RemoveParameter -Confirm:$false

    Set-ManagementRoleEntry -Identity "MyMailboxdelegation\Set-Mailbox" -Parameters Identity –AddParameter -Confirm:$false

  3. Remove all other role entries such as in the following example:

    Get-ManagementRoleEntry MyMailboxdelegation\* | ? {$_.Name -ne "set-mailbox" -and $_.Name -ne "get-mailbox"} | Remove-ManagementRoleEntry -Confirm:$false

  4. Create a new role group by assigning the child role that you created in step 1 as in the following example:

    New-RoleGroup MailBoxDelegation -Roles MyMailboxdelegation

  5. You are ready with the new role group MyMailboxdelegation. Next, add the user who should be able to grant Delegate + Send On Behalf rights to the role group that you created in step 4 as in the following example:

    Add-RoleGroupMember MailBoxDelegation -Member "user_alias"

    Note You can also add members from Active Directory Users and Computers snap-in, click Microsoft Exchange Security Groups.


Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?

Thank you for your feedback!