Exchange 2010 Domain Admin Group Member cant do Email Push / ActiveSync Error 0x80072F7D
Hi
as i wrote in my thread
https://www.experts-exchange.com/questions/25088868/ActiveSync-Error-0x80072f7d-with-Exchange-2010.html
exchange push doesent work with user that are member of the domain admin group.
so i removed the user from the domain admin group but the error is still there for the user. what is different from a user that has already been in a domain admin group and one who was not?
as i wrote in my thread
https://www.experts-exchange.com/questions/25088868/ActiveSync-Error-0x80072f7d-with-Exchange-2010.html
exchange push doesent work with user that are member of the domain admin group.
so i removed the user from the domain admin group but the error is still there for the user. what is different from a user that has already been in a domain admin group and one who was not?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
From what I can tell, if the user has been a domain admin in the past this still won't work. The way I have fixed this problem in the past is do do the following
1) Demote the user so the account isn't a domain admin account
2) Disable activesync for the user through the exchange 2010 MC (check the Mailbox Features tab of the Exchange Management Console)
3) Try to sync the the user (should fail) (you can use testexchangeconnectivity.c
4) Open up adsi edit from a domain controller or exchange server and reset the "admin count" from 1 to 0 for the user (right click on the CN=xxx entity usually under CN=Users once you attach to your AD).
5) Check the "Allow inheritable permissions form the parent to propagate to this object and all child object. Include thse with entries explicitly defined here" checkbox from the advanced button on the security tab from the properties of the user account in Active Directory users and computers
6) Reenable activesync for the user through the exchange 2010 MC (check the Mailbox Features tab of the Exchange Management Console)
7) Try to sync the the user again (should now work)
1) Demote the user so the account isn't a domain admin account
2) Disable activesync for the user through the exchange 2010 MC (check the Mailbox Features tab of the Exchange Management Console)
3) Try to sync the the user (should fail) (you can use testexchangeconnectivity.c
4) Open up adsi edit from a domain controller or exchange server and reset the "admin count" from 1 to 0 for the user (right click on the CN=xxx entity usually under CN=Users once you attach to your AD).
5) Check the "Allow inheritable permissions form the parent to propagate to this object and all child object. Include thse with entries explicitly defined here" checkbox from the advanced button on the security tab from the properties of the user account in Active Directory users and computers
6) Reenable activesync for the user through the exchange 2010 MC (check the Mailbox Features tab of the Exchange Management Console)
7) Try to sync the the user again (should now work)
ASKER