Then you also have the issue of why you are using domain admin account all of the time and not use a separate account when elevated privileges are needed.
As a side note: you will get a very similar problem with a blackberry enterprise server if you try to set up a user account who has elevated domain credentials Chris On Thu, Jun 17, 2010 at 8:23 AM, Michael B. Smith <[email protected]>wrote: > It’s not a problem, per se. It’s by design. ActiveSync won’t work with > accounts in any of the protected groups. > > > > In order to support RBAC, Exchange has to have permissions over much of the > AD. Protected accounts/groups are explicitly restricted from Exchange having > control over them. Otherwise, any Exchange admin could make themselves a > domain admin, enterprise admin, backup operator, server operator, etc.etc. > > > > There is technical documentation on this change, but it isn’t very > accessible from a “normal admin” perspective (that is, ok you made that > change – what does it mean to me). I bugged that last week. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > *From:* Paul Steele [mailto:[email protected]] > *Sent:* Thursday, June 17, 2010 9:17 AM > *To:* MS-Exchange Admin Issues > *Subject:* ActiveSync and Domain Admins > > > > I noticed that my personal account did not work on my iPod with ActiveSync, > but my test account worked ok. I did some checking and came across an > article that said that ActiveSync does not work if the user is in the Domain > Admins group. ExRCA fails as well with the error: > > > > ExRCA is attempting the FolderSync command on the Exchange ActiveSync > session. > > The test of the FolderSync command failed. > > Additional Details > > Exchange ActiveSync returned an HTTP 500 response. > > > > Has anyone else encountered this problem? > > >
