The other day we got this error on our Exchange 2010 when synchronising e-mail on a mobilephone using ActiveSync. When we tried to setup the ActiveSync account, we got the following error message (Source MSExchange ActiveSync, ID 1053) on the serverâ€™s eventlog.
Exchange ActiveSync doesnâ€™t have sufficient permissions to create the â€œCN=username,OU=OU Name,DC=dc-name,DC=localâ€ container under Active Directory user â€œActive Directory operation failed on dc-name.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0â€œ.
Make sure the user has inherited permission granted to domainExchange Servers to allow List, Create child, Delete child of object type â€œmsExchangeActiveSyncDevicesâ€ and doesnâ€™t have any deny permissions that block such operations.
To fix it logon your DC Server:
- Open “Active Directory Users and Computers”.
- Find the user, and right click, select “Properties”.
- Select “Security” Fan.
- Click “Advanced”.
- And check “Include inherited permissions from this object`s parrent”.
- And then click Apply.
That’sÂ it !