Using Exchange 2003, I was struggling to set up an aliasing scheme so that I could have a 'network administration' group which would serve as a target for incoming email relating to network issues such as ICANN registration, ISP correspondence, etc. The set of internal users responsible for this correspondence could then vary over time by being added as members of the group. Also, I would grant the 'on behalf of' right to those users so that they could send outgoing email from that address.
Unfortunately, it was a struggle. Here are the problems:
- Changes made to the Exchange server do not propagate in real time. For example, when I added a new user or mailbox, they did not appear in the Global Address List. I had to manually rebuild the 'Offline Address List' on the Exchange server to make them appear. By default, this happens infrequently. Interestingly, when you trigger the rebuilding process, Exchange warns that the process could take several hours. With 50-ish mailboxes, it took a few minutes.
- When you try to send email on behalf of someone else, you cannot simply type their email address into the 'From' box -- even if Outlook recognizes and completes the address for you. You must select the address manually from the Global Address List. If you don't do it this way, the email will be bounced back with the misleading error message: 'You do not have permission to send to this recipient' (read: you do not have permission to send as this sender).
- You cannot send mail on behalf of an email address associated with a group. Exchange does not support that operation.
Incidentally, you do not seem to have to add a person to the 'On Behalf Of' list for a mailbox when that person has administrative rights.
