?
Solved

ActiveSync and Exchange 2010 - Moved users from 2003

Posted on 2011-10-14
11
Medium Priority
?
254 Views
Last Modified: 2012-05-12
Hi,

If I create a new user on 2010 exchange server activesync works for the user.  If I move the user over from 2003 to 2010 it does not work for that user.  I am 100% sure it has to do with user security settings in AD, does anyone know which setting I need to change to get this work?

Thanks
0
Comment
Question by:FundFire
  • 5
  • 4
  • 2
11 Comments
 
LVL 6

Expert Comment

by:Gerald26
ID: 36968447
Hello, here is a quick answer, you might try this
Open DSA.MSC
Click View --> Advanced functionnality
Browse your user object
Open its properties
Click Security Tab
Click advanced

Check the "herit permissions from parent" checkbox

Retry active sync

This check box is unchecked when a user is put in Domain Admin group at least once.
When removed, this box stays unchecked. It can not get new exchange permissions that give the object the right to create the phone folder in its activesync exchange directory.
Applying new permissions should fix the problem.

Hope that helps !

0
 
LVL 9

Expert Comment

by:Ahmed786
ID: 36968449
what error do you get on the exchange server event log
0
 

Author Comment

by:FundFire
ID: 36968506
On the ipad I get connection to server failed.  I know it is security settings because I took a 2003 test user and I went through the AD security tab and compared it with a new user that I created on 2010, they were many differences.  So I made the 2003 user exactly like the 2010 user and when I did that the Activesync started to work for 2003 user.  But, I made many changes to security and I am not sure which one was it that fix the problem.  So, I was looking to find out if someone can give me a quick answer before I spend hours on this.
 
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 9

Expert Comment

by:Ahmed786
ID: 36968512
You can go though attached doc to resolve for that user.
On-a-Domain-Controller.doc
0
 

Author Comment

by:FundFire
ID: 36968538
Hi Gerald26,

It is already checked.
0
 
LVL 6

Expert Comment

by:Gerald26
ID: 36968627
You can increase the verbosity of activesync related services and analyze what really happens when it fails:

Powershell line should be something like that :
get-eventloglevel |? {$_.identity -like "*activesync*"} |set-eventloglevel -level expert

Open in new window


to disable it :
get-eventloglevel |? {$_.identity -like "*activesync*"} |set-eventloglevel -level lowest

Open in new window


Analyze EVENTVWR.EXE applications and system logs. You will get usefull clues there.
0
 

Author Comment

by:FundFire
ID: 36969430
Hi,

There is a complete group missing for the users that I moved from 2003 to 2010, it is called Exchange Windows Permission.  I added the group to the account and it started working but, I needed to give the user full control.  Does anyone know what security setting I need setup on the group and what does that group do?
0
 
LVL 6

Expert Comment

by:Gerald26
ID: 36970112
Is the user wiht problem a member of these groups ? If yes, I see what your problem is.

Check every group

Account Operators,
Administrators,
Backup Operators,
Domain Admins,
Domain Controllers,
Enterprise Admins,
Print Operators,
Read-Only Domain Controllers,
Replicator,
Schema Admins, and
Server Operators.  
0
 
LVL 6

Expert Comment

by:Gerald26
ID: 36970136
Also, Tell me if users with active sync problems are output by this command

ldifde -f CheckUsers.txt -d dc=<domain DN>  -r “(&(objectcategory=person)(objectclass=user)(admincount=1))” -l  samAccountName

It's in the TXT file. Replace DomainDC with your domain DN :)

0
 

Accepted Solution

by:
FundFire earned 0 total points
ID: 37020690
The problem is fixed now.  What I had to do is to add the user Pre-Windows 2000 computer access.
0
 

Author Closing Comment

by:FundFire
ID: 37126798
None
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month8 days, 7 hours left to enroll

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question