  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 485

Exchange, inheritable permissions, smart phone setup

I was called to a school yesterday.  They run Exchange 2010.  The teachers use smart phones and want their Exchange account on their smart phones.

The thing is, when you try to set up the account on the smart phone, it fails with "unable to contact server" or similar message.

Now, and this is where I need help, if you go to the user in AD and go to the security tab and put a check mark in Inherit permissions from parent, the mail set up on the smart phone works.

15 minutes later, no joy unless you go in and turn on the inherit permissions again.

So, where is this permission coming from?  Where is the parent and what setting is preventing the user from setting up smart phone mail unless inherit is turned on?

This is a Windows Server 2003 domain.

Ideas?

Thanks

Cliff
0
crp0499
Asked:
2 Solutions
 
John Smith Commented:
The user account(s) in question is/are in a privileged group - like Administrators. That removes inheritable permissions.
0
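One way to test the privileged-group explanation in the comment above, as an added example that is not part of the original thread: it reads each user's ACL through ADSI, reports the accounts where inheritance is blocked, and shows whether AD has stamped them `adminCount=1`, the marker it sets on members of protected groups. The function names and the sample account names are hypothetical.

```powershell
# Added example (not from the thread). Read-only: finds user accounts whose ACL
# blocks inheritance and checks the adminCount flag AD sets for protected groups.

function Get-UserInheritanceState {
    param([string]$SearchBase = ([ADSI]'').distinguishedName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 500
    foreach ($name in 'sAMAccountName', 'adminCount') {
        [void]$searcher.PropertiesToLoad.Add($name)
    }
    foreach ($result in $searcher.FindAll()) {
        $props = $result.Properties   # keys are lower-case in search results
        $adminCount = 0
        if ($props.Contains('admincount')) { $adminCount = [int]$props['admincount'][0] }
        New-Object PSObject -Property @{
            SamAccountName     = [string]$props['samaccountname'][0]
            AdminCount         = $adminCount
            # True when the "inherit from parent" box on the Security tab is cleared.
            InheritanceBlocked = $result.GetDirectoryEntry().psbase.ObjectSecurity.AreAccessRulesProtected
        }
    }
}

function Select-InheritanceFinding {
    param([Parameter(ValueFromPipeline = $true)]$User)
    process {
        if (-not $User.InheritanceBlocked) { return }
        $cause = if ($User.AdminCount -eq 1) {
            'flagged adminCount=1: check protected-group membership, direct or nested'
        } else {
            'not flagged: inheritance is being cleared by something else'
        }
        New-Object PSObject -Property @{
            SamAccountName = $User.SamAccountName
            Cause          = $cause
        }
    }
}

# Constructed sample rows, so the triage logic can be read without a domain.
# Live use: Get-UserInheritanceState | Select-InheritanceFinding
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'teacher01'; AdminCount = 1; InheritanceBlocked = $true }
    New-Object PSObject -Property @{ SamAccountName = 'teacher02'; AdminCount = 0; InheritanceBlocked = $true }
    New-Object PSObject -Property @{ SamAccountName = 'newuser01'; AdminCount = 0; InheritanceBlocked = $false }
)
$sample | Select-InheritanceFinding
```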
 
crp0499 Author Commented:
I don't think so.  This is a school.  It happens to all teacher accounts.  There are several hundred teachers.  They are in groups, by campus and grade, etc.  So, several OUs, across AD, etc.  I have to do this to each teacher regardless of OU.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
Hope there isn't any GPO for this?
The Properties are inherited from the Domain Object in ADUC and then to OU and Sub-OU's and Users\DL'\etc.

- Rancy
0
 
crp0499 Author Commented:
I looked fairly closely at the GPs.  From their named description, I could not discern that there is a GP doing it, but it did sound like a GP, since it resets after 15 minutes.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
Check which GPs apply to a user facing the issue, and then you can check them.

What if you create a New OU in ADUC and move one user to it just to understand the issue better :)

- Rancy
0
 
crp0499 Author Commented:
That's what I just asked the local admin to do: create a new user, in the root of ADUC, not in an OU or Group, and we are going to test.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
Awesome !! If this passes you and me both know what to do :)
0
 
S_K_S Commented:
How many users affected? 1 or all
0
 
crp0499 Author Commented:
All users across the domain.  Trying a new user in the root of ADUC to see if it's a GP.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
Please keep me updated .....
0
 
S_K_S Commented:
The test of creating a test account would let us know which direction to move ahead with....
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
I guess it is better to go with a production user, as we can get their feedback and plan how to proceed.

- Rancy
0
 
crp0499 Author Commented:
Created a new user in ADUC root.  Mail is flowing like mad and smart phone setup was textbook.

So, a GP affecting my OUs, yes?
0
 
S_K_S Commented:
Perfect. Need to check which GP is taking effect on all the OUs and see if that is actually needed or not.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
"So, a GP affecting my OUs, yes?" - Awesome .... now let's work on it :)
0
 
crp0499 Author Commented:
I think I'm going back out Monday now to dig thru with a fine tooth comb.
0
 
Manpreet Singh Khatra, Solutions Architect, Project Lead Commented:
Cool ... keep us updated with your findings :)
0
