So as you all know, security provisions of Exchange Server 2010 and up prohibit ActiveSync access for members of schema admins. Since domain admins are schema admins, members of domain admins can't have ActiveSync access. I have a user who, when he was head of the networking department, gave his account domain admin membership. Now he has moved to programming only and wants to have his emails on his phone. I removed him from any and all administrative groups, but ActiveSync still doesn't work for him. The last thing I want to do is recreate his mailbox.
Allow ActiveSync to former domain administrator in Exchange 2010
activesync exchange
Best Answer
This is usually resolved by setting the inheritable permissions flag on the user in question.
Under ADUC, go to View -> Advanced Features to expose the Security tab under the user's profile dialog.
Return to the user's settings in ADUC and choose the Security tab.
Click on Advanced and ensure that "Include Inheritable Permissions From This Object’s Parent" is checked.
Click OK a couple of times and exit.
Try running the ActiveSync again.
You'll also see this if you run the tests at: https://testconnectivity.microsoft.com
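The same check and fix can be scripted instead of clicked through in ADUC. The following is an added example, not part of the original answer; it assumes the RSAT ActiveDirectory module is installed, and `jdoe` is a placeholder account name. It also reports `adminCount`, which Active Directory sets to 1 on accounts that are or were members of protected groups such as Domain Admins.

```powershell
# Added example: scripted equivalent of the ADUC steps in the answer above.
# Assumptions: RSAT ActiveDirectory module available; 'jdoe' is a placeholder.
Import-Module ActiveDirectory

$sam  = 'jdoe'   # placeholder sAMAccountName of the former administrator
$user = Get-ADUser -Identity $sam -Properties adminCount
$path = "AD:\$($user.DistinguishedName)"
$acl  = Get-Acl -Path $path

# AreAccessRulesProtected = $true means "Include inheritable permissions
# from this object's parent" is unchecked on the user object.
[pscustomobject]@{
    Account             = $sam
    InheritanceDisabled = $acl.AreAccessRulesProtected
    AdminCount          = $user.adminCount
} | Format-List

if ($acl.AreAccessRulesProtected) {
    # First argument $false re-enables inheritance from the parent container.
    # The second argument only matters when protection is being turned ON.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $path -AclObject $acl

    # Re-read the ACL to confirm the change was written.
    $check = Get-Acl -Path $path
    "Inheritance disabled after fix: $($check.AreAccessRulesProtected)"
} else {
    "Inheritance is already enabled on $sam; nothing changed."
}
```

If the account is still a member of a protected group, directly or through nesting, the AdminSDHolder process will turn inheritance off again on its next run, so confirm group membership before re-testing ActiveSync.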