OK so we have some scripts that manage shared non-user accounts. When creating these accounts we often need to apply a 'Send-as' rule to them so users can send out as the account and not their own ID.
on 2007 I was able to use this command :
Add-ADPermission -Identity $permissIdentity -User $permissUser -ExtendedRights 'Send-as' -DomainController $script:dc
However that now that we're on Exchange 2013 this fails with "INSUFF_ACCESS_RIGHTS" . it appears to be the way RBAC handles permissions and that the Active directory/Exchange worlds are very separate now. This separation of duties blocks
exchange from doing this type of AD permission (and Add-ADPermission is an exchange cmdlet not an AD one).
Now I *can* go into Active Directory Users and Computers (ADUC) drill down into the security tab and grant send as that way. however that's a manual process and we need it to be re-incorporated into our scripts. However the 'Active Directory' module which I'm also importing does not appear to have any cmdlets that allow me to apply a security rule like that programmatically.
Is there a non-exchange module/snap in that I can use in powershell to apply 'Send-As' Permissions to an account?