Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=user name,OU=OU Name,DC=dc-name,DC=local”

The other day we got this error on our Exchange 2010 when synchronising e-mail on a mobilephone using ActiveSync. When we tried to setup the ActiveSync account, we got the following error message (Source MSExchange ActiveSync, ID 1053) on the server’s eventlog.

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=username,OU=OU Name,DC=dc-name,DC=local” container under Active Directory user “Active Directory operation failed on dc-name.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0“.
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

To fix it logon your DC Server:

  1. Open “Active Directory Users and Computers”.
  2. Find the user, and right click, select “Properties”.
  3. Select “Security” Fan.
  4. Click “Advanced”.
  5. And check “Include inherited permissions from this object`s parrent”.
  6. And then click Apply.

That’s it !

VN:F [1.9.22_1171]
Rating: 0.0/6 (0 votes cast)

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=user name,OU=OU Name,DC=dc-name,DC=local”

The other day we got this error on our Exchange 2010 when synchronising e-mail on a mobilephone using ActiveSync. When we tried to setup the ActiveSync account, we got the following error message (Source MSExchange ActiveSync, ID 1053) on the server’s eventlog.

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=username,OU=OU Name,DC=dc-name,DC=local” container under Active Directory user “Active Directory operation failed on dc-name.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0“.
Make sure the user has inherited permission granted to domainExchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

To fix it logon your DC Server:

  1. Open “Active Directory Users and Computers”.
  2. Find the user, and right click, select “Properties”.
  3. Select “Security” Fan.
  4. Click “Advanced”.
  5. And check “Include inherited permissions from this object`s parrent”.
  6. And then click Apply.

That’s it !

VN:F [1.9.22_1171]
Rating: 0.0/6 (0 votes cast)