Making ActiveSync work with a Domain Admin
Hi,

As a Domain Admin I have been happily using my phone to sync with our Exchange 2003 and 2007 servers. I deployed a new install of Exchange 2010 and moved my mailbox over onto it, and lost the ability to sync.

I tracked this down to the AdminSDHolder service running the SDPROP procedure, which changed security settings on my account for the Exchange Servers group and knocked out the ActiveSync ability. Resetting the account to inherit settings fixed it for a short while, but as soon as the process ran, it reset the values and stopped it working again.

I know that MS want Domain Admins to run as regular users and elevate their permissions, but I don't want to. I'll take responsibility for any bad things that happen, so please advise me....

What are the settings that are granted when Inherit Permissions is set that grant ActiveSync to work, and if I set them directly in my security tab, will SDPROP overwrite them?

Thanks,
Adam
January 7th, 2011 1:46pm

Adam,

You are correct that Microsoft does not want your admins to run with domain admin accounts, but would rather have you run applications in 'Run As' mode with administrative privileges. This is for pretty obvious reasons, but it looks like you are willing to take the risk. If that is the case you would need to modify the root account AdminSDHolders attributes so the next time it synced with the admins' accounts the new property wouldn't reset. Again, NOT RECOMMENDED. With that being said, here is how you do it:

- Open ADSI Edit
- Browse to "CN=AdminSDHolders,OU=System,DC=yourdomain,DC=com"
- Go into the properties of the AdminSDHolders and modify the attribute you want to change
- Save the changes

From that point you can modify the attribute on your admin account and it won't be reset. Below is a good article that discusses this problem and differing solutions.

http://msmvps.com/blogs/UlfBSimonWeidner/archive/2005/05/29/49659.aspx

-Jorge

Jorge R. Diaz PMP, CCNA, MCSE, MCSA
Sr. Microsoft Consultant
Planet Technologies, Inc.
January 7th, 2011 2:22pm
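
A read-only audit of the behaviour discussed in this thread, as an added example that is not part of any poster's reply: it lists the explicit ACEs on the AdminSDHolder container and shows, for each protected account, whether inheritance is disabled and whether its DACL still matches the template that SDPROP applies. It assumes the RSAT ActiveDirectory module and the standard location of the container, CN=AdminSDHolder,CN=System,<domain DN>.

```powershell
# Added example (read-only). Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$holderDN = "CN=AdminSDHolder,CN=System,$domainDN"   # standard location of the container

# The template security descriptor that SDPROP stamps onto every protected object.
$holder     = Get-ADObject -Identity $holderDN -Properties nTSecurityDescriptor
$holderDacl = $holder.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('Access')

# 1. Explicit ACEs on AdminSDHolder. Every trustee listed here receives the same
#    rights on all protected accounts, so review any entry you do not recognise.
$holder.nTSecurityDescriptor.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, ObjectType |
    Sort-Object IdentityReference |
    Format-Table -AutoSize

# 2. Accounts marked as protected (adminCount=1). The flag can remain set on
#    accounts that have since left the protected groups, so stale entries show up too.
#    DaclMatchesHolder = False means the ACL was changed by hand (for example,
#    inheritance re-enabled) and SDPROP has not yet run again; it runs every
#    60 minutes by default on the PDC emulator.
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties nTSecurityDescriptor |
    ForEach-Object {
        $sd = $_.nTSecurityDescriptor
        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            InheritanceDisabled = $sd.AreAccessRulesProtected
            DaclMatchesHolder   = ($sd.GetSecurityDescriptorSddlForm('Access') -eq $holderDacl)
        }
    } |
    Sort-Object DaclMatchesHolder, SamAccountName |
    Format-Table -AutoSize
```
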

I wouldn't take that chance. It's an awful administrative practice.

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
January 7th, 2011 2:24pm

Ed, I couldn't agree with you more :)

Jorge R. Diaz PMP, CCNA, MCSE, MCSA
Sr. Microsoft Consultant
Planet Technologies, Inc.
January 7th, 2011 2:34pm

Thank you for your assistance, it was very helpful.
January 12th, 2011 9:57am

This topic is archived. No further replies will be accepted.
