Your account in Microsoft Exchange Server does not have have permissions to synchronize with your current settings 0x85010004 or Eventid 1053 Exchange ActiveSync doesn’t have sufficient permissions to create the user container under Active Directory user "Active Directory operation failed on domain controller.

Error: Your account in Microsoft does not have have to synchronize with your current settings.



doesn’t have sufficient to create the "CN=ward,OU=Users,DC=wardvissers,DC=local" container under user "Active Directory operation failed on This error is not retriable. Additional information: Access is denied.
response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\ Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn’t have any deny that block such operations.

Because my account has domain admins the settings will be reset every hour by

Each domain has an object called AdminSDHolder, which resides in the System container of the domain. The Admin-SDHolder object has a unique Access Control List (ACL), which is used to control the of principals that are members of built-in privileged groups (what I like to call “protected” groups). Every hour, a background process called SDPROP runs on the domain controller that holds the PDC Emulator operations master role. It compares the ACL on all principals (users, groups and computer accounts) that belong to protected groups against the ACL on the AdminSDHolder object. If the ACL lists aren’t the same, the ACL on the security principal is overwritten with the ACL from the Admin–SDHolder object. In addition, inheritance is disabled on the security principal.

Temporally Solution:

1. Users and Computers

2. Enable Advanced Features
3. Search the User and go to the tab.

4. Advanced

5. Include Inheritable from the Object’s parent

Source: Blog

Translate »
%d bloggers like this: