Solved

Active Directory 2008 - Allow Inheritable permissions from this objects parent object.

Posted on 2011-09-06
1
1,357 Views
Last Modified: 2012-05-12
Hello,
I'm rolling out exchange 2010 currently into my server 2008 AD environment (we're in coexistence with 2003 currently).  So far everything is going well, and I am working on getting activesync to work properly.

So, after I moved my mailbox to the new server, I was unable to get emails and calendar sync to my phone (Droid X) using the native app.  Touchdown (3rd party paid app) works.  So after doing a bit of digging, I found that if I open the ADSI snap-in, open the properties to my AD account, go to security and advanced, the "Allow Inheritable permissions from this objects parent object" box is unchecked.  Once I checked this, Viola!  mail and calendar begin to sync on my phone.

So, the actual question, is there any type of script that could be done to do this across the organization?  I have over 450 users, a good 100 of which will need access to active sync.  I'd rather not have to go about doing this manually (although running a script on my entire AD does seem a bit scary)....

Any thoughts?
JJ
0
Comment
Question by:JamesonJendreas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 36490924
Hi,

You can use ADModify.Net tool. This tools allows you to check/uncheck flag of common attributes across all the users/AD objects.

This can be done using Powershell script as well. But that needs to be customized as per your environment. I wrote a code sometime ago but i would suggest test it using 1 test user.
 
## sets the "Allow inheritable permissions from parent to propagate to this object" check box

# Mention samAccountName of 1 test user in user.txt file

$users = Get-Content C:\user.txt
ForEach($user in $users)
{
$ou = [ADSI]("LDAP://" + $user)
#$ou = [ADSI]"LDAP://cn=testAdm,ou=scom2007,dc=mylab,dc=local"
$sec = $ou.psbase.objectSecurity

if ($sec.get_AreAccessRulesProtected())
   {
    $isProtected = $false ## allows inheritance
    $preserveInheritance = $true ## preserver inhreited rules

    $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
    $ou.psbase.commitchanges()
   Write-Host -foregroundcolor Yellow "$user is now inherting permissions"
   }
else
   {
    Write-Host -foregrouncolor Red "$User is already Inheriting Permissions"
   }
   }

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question