After migrating to Exchange 2010, a small number of users couldn’t get thier iPhones to sync with Exchange, depite managing to verify the account in the iPhone setup. The thing ther users had in common, was that there were created as Administrators by an old SBS2003 system.
When trying to view the inbox from the iPhone, the following appeared in the application log on the exchnage mailbox server…
Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Freg Smith,OU=Users,OU=XXXXGroup,DC=XXXX,DC=local” container under Active Directory user “Active Directory operation failed on XXXXXXXXXX. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)
This problem is Exchange not having access rights to the user object in active directory, as the SBS account creation tool disabled this for Admin users. To fix the issue, goto the propeties of the user in question in Active Directory Users & Computers, navigate to the security tab, then advanced button, and tick the inherit permissions box. This will allow the required permissions to apply to the user, and mail should start syncing!