• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

Exchange, inheritable permissions, smart phone setup

I was called to a school yesterday.  they run Exchange 2010.  the teachers use smart phones and want their exchange account on their smart phones.

the thing is, when you try to set up the account on the smart phone, it fails with "unable to contact server" or similar message.

Now, and this is where I need help, if you go to the user in AD and go to the security tab and put a check mark in Inherit permissions from parent, the mail set up on the smart phone works.

15 minutes later, no joy unless you go in and turn on the inherit permissions again.

So, where is this permission coming from?  Where is the parent and what setting is preventing the user from setting up smart phone mail unless inherit is turned on?

This is a Windows server 2003 domain.

ideas?

Thanks

Cliff
0
crp0499
Asked:
crp0499
  • 7
  • 6
  • 3
  • +1
2 Solutions
 
John SmithCommented:
The user account(s) in question is/are in a privileged group - like Administrators. That removes inheritable permissions.
0
 
crp0499CEOAuthor Commented:
I don't think so.  This is a school.  It happens to all teacher accounts.  There are several hundred teachers.  They are in groups, but campus and grade, etc.  So, several OU's, across AD, etc.  I have to do this to each teacher regardless of OU.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Hope there isnt any GPO for this ?
The Properties are inherited from the Domain Object in ADUC and then to OU and Sub-OU's and Users\DL'\etc.

- Rancy
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
crp0499CEOAuthor Commented:
I looked fairly closely at the GPs.  From their named description, I could not discern that there is a GP doing it, but it did sound like a GP, since it resets after 15 minutes.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Check which all GP's apply to a user facing the issue and then can check them.

What if you create a New OU in ADUC and move one user to it just to understand the issue better :)

- Rancy
0
 
crp0499CEOAuthor Commented:
That's what I just asked the local admin to do, create a new users, in the root of ADUC, not in an OU or Group and we are going to test.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Awesome !! If this passes you and me both know what to do :)
0
 
S_K_SCommented:
How many users affected? 1 or all
0
 
crp0499CEOAuthor Commented:
All users across the domain.  trying a new user in the root of ADUC to see if it's a GP
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Please keep me updated .....
0
 
S_K_SCommented:
The test of creating a test account would let us know which direction to move ahead with....
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I guess it better to go with Production user as we can get their feedback and plan how to proceed.

- Rancy
0
 
crp0499CEOAuthor Commented:
created a new user in ADUC root.  mail is flowing like mad and smart phone setup was text book.

so, a GP affecting my OU's, yes?
0
 
S_K_SCommented:
Perfect. Need to check which GP is taking affect on all the OU's and see if that is actually needed or not
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
so, a GP affecting my OU's, yes? - Awesome .... now lets work on it :)
0
 
crp0499CEOAuthor Commented:
I think I'm going back out Monday now to dig thru with a fine tooth comb.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Cool ... keep us updated with your findings :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 7
  • 6
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now