I'm in the domain admins group, and I got my Windows Mobile to work after migrating to 2010 by going in and enabling inheritance on my user account in AD. The adminSDholder process will disable inheritance again but it appears that once you enable it and get AS working, it continues to work after inheritance is disabled again.
From: Michael B. Smith [mailto:[email protected]] Sent: Thursday, June 17, 2010 9:00 AM To: MS-Exchange Admin Issues Subject: RE: ActiveSync and Domain Admins And in Exchange 2010 sp1 it's much more accessible and usable. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Matt Moore [mailto:[email protected]] Sent: Thursday, June 17, 2010 9:54 AM To: MS-Exchange Admin Issues Subject: RE: ActiveSync and Domain Admins RBAC is very, very cool and at the same time kinda like watching paint dry. Possibly the biggest leap forward for Exchange to date. All MS server side Apps will follow this model. Learn it, love it. Of course all my opinion. M From: Michael B. Smith [mailto:[email protected]] Sent: Thursday, June 17, 2010 6:23 AM To: MS-Exchange Admin Issues Subject: RE: ActiveSync and Domain Admins It's not a problem, per se. It's by design. ActiveSync won't work with accounts in any of the protected groups. In order to support RBAC, Exchange has to have permissions over much of the AD. Protected accounts/groups are explicitly restricted from Exchange having control over them. Otherwise, any Exchange admin could make themselves a domain admin, enterprise admin, backup operator, server operator, etc.etc. There is technical documentation on this change, but it isn't very accessible from a "normal admin" perspective (that is, ok you made that change - what does it mean to me). I bugged that last week. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Paul Steele [mailto:[email protected]] Sent: Thursday, June 17, 2010 9:17 AM To: MS-Exchange Admin Issues Subject: ActiveSync and Domain Admins I noticed that my personal account did not work on my iPod with ActiveSync, but my test account worked ok. I did some checking and came across an article that said that ActiveSync does not work if the user is in the Domain Admins group. ExRCA fails as well with the error: ExRCA is attempting the FolderSync command on the Exchange ActiveSync session. The test of the FolderSync command failed. Additional Details Exchange ActiveSync returned an HTTP 500 response. Has anyone else encountered this problem? ************************************************************************************************** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **************************************************************************************************
