RBAC is very, very cool and at the same time kinda like watching paint dry. Possibly the biggest leap forward for Exchange to date. All MS server side Apps will follow this model. Learn it, love it. Of course all my opinion.
M From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, June 17, 2010 6:23 AM To: MS-Exchange Admin Issues Subject: RE: ActiveSync and Domain Admins It's not a problem, per se. It's by design. ActiveSync won't work with accounts in any of the protected groups. In order to support RBAC, Exchange has to have permissions over much of the AD. Protected accounts/groups are explicitly restricted from Exchange having control over them. Otherwise, any Exchange admin could make themselves a domain admin, enterprise admin, backup operator, server operator, etc.etc. There is technical documentation on this change, but it isn't very accessible from a "normal admin" perspective (that is, ok you made that change - what does it mean to me). I bugged that last week. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Paul Steele [mailto:paul.ste...@acadiau.ca] Sent: Thursday, June 17, 2010 9:17 AM To: MS-Exchange Admin Issues Subject: ActiveSync and Domain Admins I noticed that my personal account did not work on my iPod with ActiveSync, but my test account worked ok. I did some checking and came across an article that said that ActiveSync does not work if the user is in the Domain Admins group. ExRCA fails as well with the error: ExRCA is attempting the FolderSync command on the Exchange ActiveSync session. The test of the FolderSync command failed. Additional Details Exchange ActiveSync returned an HTTP 500 response. Has anyone else encountered this problem?
