Thanks to a combo of Ramis and Bonnies tips /tricks its all working. Unfortunately its a temporary phone so ill have to go through this next week again.
From: [email protected] To: [email protected] Subject: RE: [NTSysADM] ADSIEdit- access denied Date: Wed, 18 Jun 2014 20:56:27 +0000 This article lists the default protected groups: http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx It looks like Exchange specific groups are not listed there. However, pay attention to your nested group structure since any nested group in protected groups end up being protected. Rami From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Wednesday, June 18, 2014 1:16 PM To: [email protected] Subject: RE: [NTSysADM] ADSIEdit- access denied Would Exchange Organization Management count as a Protected grooup Jean-Paul Natola From: [email protected] To: [email protected] Subject: RE: [NTSysADM] ADSIEdit- access denied Date: Wed, 18 Jun 2014 16:51:26 +0000 Forgot to say, user needs to be taken out of all “protected groups” as well. Rami From: [email protected] [mailto:[email protected]] On Behalf Of Rami SIK Sent: Wednesday, June 18, 2014 9:49 AM To: [email protected] Subject: RE: [NTSysADM] ADSIEdit- access denied A good explanation at http://social.technet.microsoft.com/wiki/contents/articles/22331.adminsdholder-protected-groups-and-security-descriptor-propagator.aspx Once you made the change through ADSIEdit to set to adminCount 0, then enable inheritance in AD under the user account properties Rami From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Tuesday, June 17, 2014 7:26 PM To: [email protected] Subject: [NTSysADM] ADSIEdit- access denied So ever since our exchange 2013 server has been deployed, anytime a user updates their phone os or gets a new telephone they cant reconnect to Exchange, The 100% surefire way is to open ADSIEdit ,expand the user and delete the users exchange container that contains information regarding the older (retired) phones. Hasn't failed till today, this user is a domain admin, and when i try to "fix it" i get access denied is it because he's ad admin as well, or did he possibly "inadvertently " alter some permissions? Jean-Paul Natola If this message is not meant for you, do not use it - please let us know, and then delete it. We try hard to keep our messages and attachments free of viruses and other malicious programs, but are not liable if our precautions don't prevent their spread.
