Correct on both counts. Regards,
Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Chris [mailto:cmu...@gmail.com] Sent: Thursday, June 17, 2010 9:28 AM To: MS-Exchange Admin Issues Subject: Re: ActiveSync and Domain Admins Then you also have the issue of why you are using domain admin account all of the time and not use a separate account when elevated privileges are needed. As a side note: you will get a very similar problem with a blackberry enterprise server if you try to set up a user account who has elevated domain credentials Chris On Thu, Jun 17, 2010 at 8:23 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: It's not a problem, per se. It's by design. ActiveSync won't work with accounts in any of the protected groups. In order to support RBAC, Exchange has to have permissions over much of the AD. Protected accounts/groups are explicitly restricted from Exchange having control over them. Otherwise, any Exchange admin could make themselves a domain admin, enterprise admin, backup operator, server operator, etc.etc. There is technical documentation on this change, but it isn't very accessible from a "normal admin" perspective (that is, ok you made that change - what does it mean to me). I bugged that last week. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Paul Steele [mailto:paul.ste...@acadiau.ca<mailto:paul.ste...@acadiau.ca>] Sent: Thursday, June 17, 2010 9:17 AM To: MS-Exchange Admin Issues Subject: ActiveSync and Domain Admins I noticed that my personal account did not work on my iPod with ActiveSync, but my test account worked ok. I did some checking and came across an article that said that ActiveSync does not work if the user is in the Domain Admins group. ExRCA fails as well with the error: ExRCA is attempting the FolderSync command on the Exchange ActiveSync session. The test of the FolderSync command failed. Additional Details Exchange ActiveSync returned an HTTP 500 response. Has anyone else encountered this problem?
