• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1374
  • Last Modified:

Active Directory 2008 - Allow Inheritable permissions from this objects parent object.

Hello,
I'm rolling out exchange 2010 currently into my server 2008 AD environment (we're in coexistence with 2003 currently).  So far everything is going well, and I am working on getting activesync to work properly.

So, after I moved my mailbox to the new server, I was unable to get emails and calendar sync to my phone (Droid X) using the native app.  Touchdown (3rd party paid app) works.  So after doing a bit of digging, I found that if I open the ADSI snap-in, open the properties to my AD account, go to security and advanced, the "Allow Inheritable permissions from this objects parent object" box is unchecked.  Once I checked this, Viola!  mail and calendar begin to sync on my phone.

So, the actual question, is there any type of script that could be done to do this across the organization?  I have over 450 users, a good 100 of which will need access to active sync.  I'd rather not have to go about doing this manually (although running a script on my entire AD does seem a bit scary)....

Any thoughts?
JJ
0
JamesonJendreas
Asked:
JamesonJendreas
1 Solution
 
NavdeepCommented:
Hi,

You can use ADModify.Net tool. This tools allows you to check/uncheck flag of common attributes across all the users/AD objects.

This can be done using Powershell script as well. But that needs to be customized as per your environment. I wrote a code sometime ago but i would suggest test it using 1 test user.
 
## sets the "Allow inheritable permissions from parent to propagate to this object" check box

# Mention samAccountName of 1 test user in user.txt file

$users = Get-Content C:\user.txt
ForEach($user in $users)
{
$ou = [ADSI]("LDAP://" + $user)
#$ou = [ADSI]"LDAP://cn=testAdm,ou=scom2007,dc=mylab,dc=local"
$sec = $ou.psbase.objectSecurity

if ($sec.get_AreAccessRulesProtected())
   {
    $isProtected = $false ## allows inheritance
    $preserveInheritance = $true ## preserver inhreited rules

    $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
    $ou.psbase.commitchanges()
   Write-Host -foregroundcolor Yellow "$user is now inherting permissions"
   }
else
   {
    Write-Host -foregrouncolor Red "$User is already Inheriting Permissions"
   }
   }

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now