While recently setting up a new Exchange 2010 box is came across an issue where some users that had active synch enabled for their user account still couldn’t synch using their iPhones or Blackberries.
It turns out that Exchange during its forest prep had gone through AD and turned off inherited permissions on certain user group members that are considered security risks (Exchange Admins, Domain Admins etc). Turning these back on is very easy, so lets get those Blackberry, iPhone and Win mobile devices back online!
- Open Active Directory Users and Computers >> View >> and click Advanced Features
- Open the Properties of the active directory user your having issues synching.
- Select the Security tab and click Advanced.
-
![activesynch1[3]](/asset/blogimages/activesynch1%5B3%5D_f418ed58-339e-4678-9109-5e3a24a2e3d0.png "activesynch1[3]")
Active Directory Users and Computers
- In the Permissions tab make sure the “Include inheritable permissions from this object’s parent” box is ticked
![activesynch2[3]](/asset/blogimages/activesynch2%5B3%5D_bcec4e72-bd23-4fb7-bc1f-d446d58f045c.png "activesynch2[3]")
Active Directory Users and Computers
- Wait for Active Directory to replicate (this can take up to 30 mins) and try to sync the device again. If the issue was caused by a permissions issue then this should make your day :)