Event 1053 ActiveSync doesn't have sufficient permissions to create

Hello all and thanks in advance.

Exchange 2007 to 2013 co-existence.  All email now routed (proxies) through 2013 server.  For everyone, Outlook functional, OWA functional and for everyone else on the old server, EAS is functional.  I only have three clients on the new server.  Outlook and OWA are functional, EAS is not.  Two of those accounts get the following message on the 2013 server:

Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Name\, User,OU=Users-IT,DC=HALFF,DC=AD" container under Active Directory user "Active Directory operation failed on SRV05.HALFF.AD. This error is not retriable. Additional information: Access is denied.

Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".

Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

These two accounts are also part of several 'protected' security groups such as domain admins and or enterprise admins.  I've seen this KB: http://support.microsoft.com/en-us/kb/2579075 One of these accounts is mine.  Security for my user object is NOT inherited.  I went to make the change in the article and it said 77 items were going to be changed.  "Warning.  The change you are about to make will result in 77 permissions being added to the access control list"

Is this normal for AD objects that are part of protected groups?  What is the best way to get through this?

Thanks,

Willis

April 6th, 2015 10:41pm

Hello

its normal. if user member of "protected" group inherited is disable.
but nomal user not member any protected group so other user enabled default inherit.

Free Windows Admin Tool Kit Click here and download it now
April 7th, 2015 2:03am

Thank you,

So what happens to my users that are in the protected groups after I enable inheritance?  Will they still be able to properly administer the network?  Does the inheritance replace the current security settings on their account or does it add?

Willis

April 7th, 2015 9:05am

Hello

after enable inherited not add "extra" permission for user like domain admin, but exchange trusted subsystem have got enugh permission on user and user can access to email from phone.
after user registering mobile in exch server you can disable inherited but remember when user have got problem. :)

Free Windows Admin Tool Kit Click here and download it now
April 7th, 2015 1:25pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics