Exchange Server Inheritable Permissions Needs to be Applied in order for Active Sync to function when a Mailbox is moved from Exchange 2007 to 2013

Exchange 2013 - some users can't use ActiveSync [solved, AD permissions/groups]

Recently, I was at a customer reporting issues with several users not being able to synchronize their mobile devices using ActiveSync. The customer was running Exchange 2013 CU16 and used various mobile devices, e.g. iPhones as well as Android phones and tablets. So, I dig down 

Solution:

When a mail box is moved from exchange 2007 to exchange 2013, Exchange Server inheritable permissions needs to be added in order for Active Sync to function.

  1. Open Active Directory Users and Computers
  2. On the menu at the top of the console, click View > Advanced Features.
  3. Locate and right-click the mailbox account in the console, and then click Properties.
  4. Click the Security tab.
  5. Click Advanced.
  6. Make sure that the check box for "Include inheritable permissions from this object's parent" is selected.
If the user is a member of certain protected groups such as Domain Administrators, it is normal for this box to be unchecked. If you are experiencing a problem with members of these protected groups you should check the permissions on the AdminSDHolder object.





Comments

Post a Comment

Popular posts from this blog

Image
Faulting application name: hostcontrollerservice.exe, version: 16.0.775.0, time stamp: 0x5211bea8 Application Error Faulting application name: hostcontrollerservice.exe, version: 16.0.775.0, time stamp: 0x5211bea8 Faulting module name: KERNELBASE.dll, version: 6.2.9200.17637, time stamp: 0x56980227 Exception code: 0xe0434352 Fault offset: 0x000000000004b418 Faulting process id: 0x4878 Faulting application start time: 0x01d2a139409a0421 Faulting application path: D:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 80ceb831-0d2c-11e7-950e-005056be650e Faulting package full name: Faulting package-relative application ID: Solution: Stop the Microsoft Exchange Search service and Microsoft Exchange Search Host Controller (this one probably already is). Edit the file installconfig located in C: \ Program Files \ Microsoft \ Exchange Server \ V15 \ Bin \ Search \ Ceres \ Ins
Read more

How to Configure ActiveSync Virtual Directories in coexistence between exchange 2007 and 2013, when you have different external and internal namespaces

Image
In coexistence environment (exchange 2007-2013), we could set Exchange 2013 ActiveSync External URL to mail.yourexternaldomain.com and set Internal URL to mail.yourinternaldomain.com . And set Exchange 2007 Internal URL to  mail.yourinternaldomain.com  and set External URL to Null .  We could run the following commands. Set-ActiveSyncVirtualDirectory -Identity "<CAS2013>\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl "https:// mail.yourexternaldomain.com /Microsoft-Server-ActiveSync"    –InternalURL “https:// mail.yourinternaldomain.com /Microsoft-Server ActiveSync” Set-ActiveSyncVirtualDirectory -Identity "<CAS2007>\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl $Null    –InternalURL “https:// mail.yourinternaldomain.com  /Microsoft-Server-ActiveSync”
Read more

How to prevent sending external e-mail, but allow internal e-mail in Microsoft Exchange Server.

Image
Sometime may be you have internal & external domains configured in your organization and you don't want allow internal users to send emails outside the organization or to the public domains. You can achieve this using Microsoft Exchange Transport rules. Suppose you have all internal users in OU name "InternalMail" create a distribution group in the OU and add all internal users as member. Open up Exchange admin console " https://yourexchangeserver/ecp " and navigate to "mail flow" -> "Rules" Click the + button -> " Restrict messages by sender or recipient " In this example " extblk " is a distribution group. Added two conditions first is " the recipient is located " second is " the sender is a member of " Review the Rule mode is set to "Enforce" and leave other settings default and save the rule. You are done !
Read more