How to make Android to connect nicely with Exchange Server 2013

exchange android file-permissions activesync

15,600

Security inheritance is not set by selecting a specific permission. It's a global setting per user object. The step about "select exchange servers" is pointless, you're doing this for all ACL's.

Every AD user should have security inheritance enabled. A ton of software that utilizes these security attributes (especially Exchange and Lync) rely on them.

The only way that option is disabled by default is if it's a domain admin account.

Are you running ActiveSync as an domain admin? Please, don't....

15,600

Vinícius Ferrão

Updated on September 18, 2022

Comments

Vinícius Ferrão over 1 year
Androids can't connect to an Exchange Server 2013 via the ActiveSync protocol. Any other devices can work without problems. We tested the 2.x branch and 4.x branch. Even with an stock Google Nexus 4 we can't connect to our Exchange Server 2013. In Exchange Server 2010 everything works just fine.

With Googling techniques, I've found this workaround:
1. Log onto Domain Controller
2. Start AD Users and Computers
3. Click on View - Advanced Features
4. Double-click on the user who's account wont work with ActiveSync
5. Go to the security tab and then select the advanced button
6. Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
7. Reconfigure your phone and walk away happy
The problem is: is this secure? Is this recommended? What are the implications of this approach? And finally: if it safe; there's a way to change the default behaviour, so new users with those Android devices can use the mail systems without problems?

Thanks,
- Greg Askew about 11 years
  
  Instead of specifying 'tick', you may want to specify 'check' or 'uncheck'. You may want to test this with Touchdown to see if that works. It may be a policy/compliance issue.
- Vinícius Ferrão about 11 years
  
  Greg, I just copy & pasted the process from Google. And I don't know what is Touchdown. Can you explain a little more?
- Greg Askew about 11 years
  
  TouchDown is an ActiveSync client. If it doesn't work, there is probably something amiss on the server. If it does work, I would suspect a mismatch in the server policies and what the native Android client supports or understands. You can get TouchDown from the Play Store. It works for free for 30-days.
- Vinícius Ferrão about 11 years
  
  Thanks Greg, I will look at this. Now I need to get the Android back again since I don't have one :)
Vinícius Ferrão about 11 years

Hello Pauska. I'm not running it as an Domain Admin. I'm testing it with my normal user account.
pauska about 11 years

Your normal users account should have inheritance enabled. Does it solve your problem?
Vinícius Ferrão about 11 years

Yes pauska; it solves. But what I cannot understand is why my account wasn't with this permission. Now that you pointed it, and pointed that inheritance should be enabled I think the problem is solved.