iPhone users were receiving:
tried rebooting phone - no luck
For SOME reason - the issue was fixed for 5 users by turning off SSL and then back on
For SOME reason - the issue was fixed for 3 users by turning on Airplane mode and then off
That still left me with about 25 users that couldn't get e-mail/calendar/contacts on iPhones.
Troubleshooting led me here (solution 3)
http://www.iphonetopics.com/cannot-get-mail-the-connection-to-the-server-failed/
Again, for SOME reason, some users did not have "Include inheritable permissions from this object's parent" enabled (ticked)
Open Active Directory Users and computer
On the top menu choose View > Advanced Features.
Find and right click the user account and choose Properties.
Choose Security tab. Then choose Advanced.
Select the check box ““Include inheritable permissions from this object’s parent”.
Checking this box fixed the issue, but now the bigger issue was how to do this in bulk for all my users.
Here is a powershell script that will enable (tick the box) for all users in AD recursing down an OU structure
Import-Module activedirectory
$Users = Get-ADUser -LDAPFilter “(ObjectClass=User)” -SearchBase “OU=accounts_active_users,DC=***,DC=***"
ForEach($User in $Users)
{
# Bind users
$OU = [ADSI](“LDAP://” + $User)
$SecGroup = $OU.PSBase.ObjectSecurity
if ($SecGroup.get_AreAccessRulesProtected())
{
$isProtected = $false ## Allows inheritance
$preserveInheritance = $true ## Preserves inheritance
$SecGroup.SetAccessRuleProtection($isProtected, $preserveInheritance)
$OU.PSBase.CommitChanges()
Write-Host “$User inheritance has been set”;
}
else
{
Write-Host “$User inheritance already set”
}
}
taken from: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28553940.html
No comments:
Post a Comment