Migrated your mailbox to Exchange 2010, ActiveSync connection stopped? You might be a Domain Administrator

James Pettigrove
Author

Came across an interesting little bug which probably would have gone unnoticed if I had never migrated my mailbox to our new Exchange 2010 mail server.

After performing a local move request and successfully migrating my mailbox across, my Exchange account would no longer connect on my Google Nexus 7 (great tablet by the way). Access via Outlook 2010 continued to work, as did access via the Outlook Web App. Only the connection to my Nexus 7 (which is performed via ActiveSync) ceased to work.

I did some digging and found that my user account in Active Directory had some broken ACL inheritance and thus did not have the Exchange Servers group tied to my account. This prevents our shiny new Exchange 2010 server from updating the ActiveSync information in the user object and thus my Nexus 7 is probably still pointing to the old server.

Now when I say broken, I do mean broken with a "by design" tacked on the end.

Because my account is a part of the Domain Administrators security group, inheritance of security permissions is removed to protect it (from any silly shenanigans a person with too much power might cause). Let’s bring back the inheritance:

  1. Open up Active Directory Users and Computers MMC snap-in
  2. Go to View>Advanced Features to enable all the really cool stuff
  3. Find the affected user object (right-clicking on the domain and clicking Find is the quickest way)
  4. Right-click on the user object followed by clicking Properties
  5. In the new window click on the Security tab followed by clicking on Advanced
  6. Tick the box next to Include inheritable permissions from this object’s parent and click Apply

And you’re done! Just like that, mail should flow back on your favourite ActiveSync device.

If you want to put the safety barrier back up, you can happily un-tick the box as it was previously, now that the necessary permissions have been inherited by the user object (remember to click Add on the prompt that will follow to keep your current and correct permissions).
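
The check and the fix in the steps above can also be scripted. This is an added example, not part of the original post: it reports whether inheritance is disabled on a user object and whether any ACE for the Exchange Servers group is present, and it can re-enable inheritance. It assumes the ActiveDirectory PowerShell module is available; the function names and the account name `jsmith` are hypothetical.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-UserAclInheritance {
    # Reports, per user object, whether ACL inheritance is switched off and how many
    # ACEs (explicit or inherited) name the Exchange Servers group.
    param([Parameter(Mandatory=$true, ValueFromPipeline=$true)]$User)
    process {
        $adUser = Get-ADUser -Identity $User
        $acl    = Get-Acl -Path ("AD:\" + $adUser.DistinguishedName)
        $aces   = @($acl.Access | Where-Object {
            $_.IdentityReference -like '*\Exchange Servers'
        })
        New-Object PSObject -Property @{
            SamAccountName      = $adUser.SamAccountName
            InheritanceDisabled = $acl.AreAccessRulesProtected
            ExchangeServersAces = $aces.Count
        }
    }
}

function Enable-UserAclInheritance {
    # Scripted equivalent of ticking "Include inheritable permissions
    # from this object's parent" on the Advanced Security dialog.
    param([Parameter(Mandatory=$true)][string]$SamAccountName)
    $adUser = Get-ADUser -Identity $SamAccountName
    $path   = "AD:\" + $adUser.DistinguishedName
    $acl    = Get-Acl -Path $path
    # First argument $false = not protected, i.e. inheritance enabled.
    # The second argument is ignored when the first is $false.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path $path -AclObject $acl
}

# Read-only check of one account ('jsmith' is a hypothetical placeholder).
Get-UserAclInheritance -User 'jsmith'

# Read-only survey: mailbox users whose ACL inheritance is disabled, which are
# the accounts that can hit the same ActiveSync problem after a move.
Get-ADUser -LDAPFilter '(msExchMailboxGuid=*)' |
    Get-UserAclInheritance |
    Where-Object { $_.InheritanceDisabled }

# Changes the ACL, so it is left commented out; run it deliberately per account.
# Enable-UserAclInheritance -SamAccountName 'jsmith'
```

Running the survey before a batch of mailbox moves shows which accounts will need the fix, and running the single-account check afterwards confirms that the Exchange Servers ACEs have arrived.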
