Error trying to delegate (grant) access to my Outlook Contacts - "The Delegates settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object".

I was attempting to add a user with access to ONLY my contacts. I have a few thousand contacts and I have a temp user that was helping to categorize the contacts. I was trying to get organized.

Received the error "The Delegates settings were not saved correctly...".

If you go back in to TOOLS > Options > Delegates, nothing is saved/changed. For me this is happening on both Outlook 2007 and Outlook 2010 (I have multiple computers available) w/ Windows 7, 64 bit.

Per http://support.microsoft.com/kb/2593557 :

When you add a delegate, Outlook also tries to grant "send on behalf of" permission to the delegate by default. This permission is written to the publicDelegates attribute of your user object in Active Directory.

The issue that is described in "Symptoms" can occur for either (or both) of the following reasons.

• The global catalog (GC) server to which your Outlook client is connected is not local to your domain.
  
  If your Outlook client is connected to a GC that is not local to your domain, the publicDelegates attribute cannot be written to your user object in Active Directory.
• The SELF object does not have the Write Personal Information right on your Active Directory user object.

I checked that:
[1] the GC is definitely local to my domain - I only have one domain. I have 2 GCs, both are logically local and physically local.
[2] the self object does not have the Write Personal Information right on your Active Directory account

The latter was in fact true, in ADUC (advanced view) I did not have "Write Exchange Personal Information" (image below - In the image I already checked the box, originally is was not checked).
*edit - this is not correct, I was looking at the wrong attribute

**EDIT - this is incorrect
Unfortunately, Adding SELF to "Write Exchange Personal Information" did not fix the issue. Yes, I logged out and in. I also rebooted for good measure. Maybe I didn't wait long enough for AD replication. Regardless, I went ahead with the "Fix it for me..." from M$ http://go.microsoft.com/?linkid=9830127 and I was off to the races.

**EDIT
The attribute in question is "Write Personal information",  NOT "write Exchange Personal Information".

*adding the proper security DOES fix the problem.

*DO NOT run the Microsoft Fix it because, upon further investigation, this does not fix the problem, it only suppresses the error message.

This can be run/scripted via powershell

Add-ADPermission -Identity 'MailboxCanonicalName' -User 'NT Authority\self' -AccessRights ReadProperty, WriteProperty -Properties 'Personal Information'

to get the mailbox canonicalname use:
get-mailbox
or
get-mailbox | select name,alias

Good Luck