In each environments that I’ve transitioned from either Exchange 2003 or Exchange 2007 to Exchange 2010, I’ve hit an issue related to Exchange ActiveSync. After moving user mailboxes to Exchange 2010, mobile devices could no longer synchronize with a mailbox. When performing a manual synchronization, I saw this error on the device:
ActiveSync registered a problem on the server.
Support code: 0x85010014
This issue occurs if the AD user object of the Exchange 2010 user doesn’t have “Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.”
Once this setting is checked, Exchange ActiveSync works again.
This issue is easy to fix for a few users (when you know the above that is!), but what if you need to change this setting for several thousands of users?
You could go create a script, but then again what you you don’t have any scripting skills? Well don’t worry, I’ve found out that ADModify.NET is capable of changing this setting on users in bulk.
Just fire up ADModify.NET and select the OU(s) containing the users and check the setting under the Account tab as shown below.
MCM: Exchange 2007 | MVP: Exchange Architecture
MCITP: EMA + EA | MCSE: M + S | TechNet Influent