In the Active Roles Web Interface, on the Exchange Online Properties form, on the Delegation tab, searching for users under Send As and Full Access does not return any results.
There are valid Azure-Enabled accounts in the environment, and they have an appropriate value set to the edsvaAzureAssociatedTenantId attribute. However, attempting to query that attribute value using the Active Roles Management Shell does not return a result.
WORKAROUND 1
Delete the edsva-ExchOlMsExch-SendAsTrustees and edsaAzureMailFullAccess attributes from the Delegation tab in the Active Roles Web Interface form and re-adding them using the following LDAP filter:
(&(|(objectClass=user)(objectClass=group))(edsvaAzureObjectId=*))
Note 1: This workaround is only suitable for Active Roles configurations with one Azure Tenant.
Note 2: For this workaround to work the attributes should not exist anywhere in any form so that they can be recreated. After a restart of the IIS service the items should be successfully recreated and work.
WORKAROUND 2
Create a new, blank Active Roles configuration and import the existing configuration database into it.
STATUS
If you experiencing this issue, please open a service request and reference this solution.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center