I
Experiencing a problem on some Android devices, the setup of a mailbox with Activesync
do not work. This behavior is caused by wrong permissions on the affected
account which is migrated from a windows NT/2000/2003 active directory system
to a 2008 one and the account was also a domain admin.
The
security are changed by a process on the PDC every hour and the account miss
the “inerithance” flag on the security.
This
article describe better the behavior:
http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspxx
And this is the solution to let the configuration works on Android device:
By
default members of an AD protected group like domain admins or
enterprise admin cannot use microsoft activesync with a exchange 2010
server. They get a error like this: “Result: ActiveSync encountered a
problem on the server. Support code: 0×85010014″.
Solution 1: Remove the protected group memberships for this account, more information about protected groups can be found here.
Solution 2: Goto active directory users and computers, turn on advanced features on the view menu. Go to the user account, security tab and tick the advanced button. After that you have to enable Include inheritable permissions from this object’s parent. Now activesync will work.
Note: some rules apply every hour and will disable inheritance so you have to activesync within this time otherwise you have to repeat the step in Solution 2. When get a other device to activesync with you also have to repeat this action.
- See more at: http://blog.ronnypot.nl/?p=115#sthash.dJQSMgCT.dpuf
Solution 1: Remove the protected group memberships for this account, more information about protected groups can be found here.
Solution 2: Goto active directory users and computers, turn on advanced features on the view menu. Go to the user account, security tab and tick the advanced button. After that you have to enable Include inheritable permissions from this object’s parent. Now activesync will work.
Note: some rules apply every hour and will disable inheritance so you have to activesync within this time otherwise you have to repeat the step in Solution 2. When get a other device to activesync with you also have to repeat this action.
- See more at: http://blog.ronnypot.nl/?p=115#sthash.dJQSMgCT.dpuf
Goto
active directory users and computers, turn on advanced features on the
view menu. Go to the user account, security tab and tick the advanced
button. After that you have to enable Include inheritable permissions
from this object’s parent. Now activesync will work. - See more at:
http://blog.ronnypot.nl/?p=115#sthash.dJQSMgCT.dpuf
Goto active
directory users and computers, turn on advanced features on the view menu. Go
to the user account, security tab and tick the advanced button. After that you
have to enable Include inheritable permissions from this object’s parent. Now
activesync will work.
Mike
By
default members of an AD protected group like domain admins or
enterprise admin cannot use microsoft activesync with a exchange 2010
server. They get a error like this: “Result: ActiveSync encountered a
problem on the server. Support code: 0×85010014″.
Solution 1: Remove the protected group memberships for this account, more information about protected groups can be found here.
Solution 2: Goto active directory users and computers, turn on advanced features on the view menu. Go to the user account, security tab and tick the advanced button. After that you have to enable Include inheritable permissions from this object’s parent. Now activesync will work.
Note: some rules apply every hour and will disable inheritance so you have to activesync within this time otherwise you have to repeat the step in Solution 2. When get a other device to activesync with you also have to repeat this action.
- See more at: http://blog.ronnypot.nl/?p=115#sthash.dJQSMgCT.dpuf
Solution 1: Remove the protected group memberships for this account, more information about protected groups can be found here.
Solution 2: Goto active directory users and computers, turn on advanced features on the view menu. Go to the user account, security tab and tick the advanced button. After that you have to enable Include inheritable permissions from this object’s parent. Now activesync will work.
Note: some rules apply every hour and will disable inheritance so you have to activesync within this time otherwise you have to repeat the step in Solution 2. When get a other device to activesync with you also have to repeat this action.
- See more at: http://blog.ronnypot.nl/?p=115#sthash.dJQSMgCT.dpuf
