+1
Shift+right-click "run as different user" is really not that painful when you get used to it. Think of it as sudo for Windows. :) Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: Chris [mailto:[email protected]] Sent: Thursday, June 17, 2010 9:28 AM To: MS-Exchange Admin Issues Subject: Re: ActiveSync and Domain Admins Then you also have the issue of why you are using domain admin account all of the time and not use a separate account when elevated privileges are needed. As a side note: you will get a very similar problem with a blackberry enterprise server if you try to set up a user account who has elevated domain credentials Chris On Thu, Jun 17, 2010 at 8:23 AM, Michael B. Smith <[email protected]> wrote: It's not a problem, per se. It's by design. ActiveSync won't work with accounts in any of the protected groups. In order to support RBAC, Exchange has to have permissions over much of the AD. Protected accounts/groups are explicitly restricted from Exchange having control over them. Otherwise, any Exchange admin could make themselves a domain admin, enterprise admin, backup operator, server operator, etc.etc. There is technical documentation on this change, but it isn't very accessible from a "normal admin" perspective (that is, ok you made that change - what does it mean to me). I bugged that last week. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Paul Steele [mailto:[email protected]] Sent: Thursday, June 17, 2010 9:17 AM To: MS-Exchange Admin Issues Subject: ActiveSync and Domain Admins I noticed that my personal account did not work on my iPod with ActiveSync, but my test account worked ok. I did some checking and came across an article that said that ActiveSync does not work if the user is in the Domain Admins group. ExRCA fails as well with the error: ExRCA is attempting the FolderSync command on the Exchange ActiveSync session. The test of the FolderSync command failed. Additional Details Exchange ActiveSync returned an HTTP 500 response. Has anyone else encountered this problem? CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original
