-
Title
Unable to delete user accounts, access denied to msExchActiveSyncDevices -
Description
Users with the "Users - Full Control" access template are unable to delete users because they do not have access to delete the ExchangeActiveSyncDevices container under the user.
-
Cause
The Built-in User - Full control access template only allows access to user objects; the subcontained object was not covered.
Example: The object class msExchActiveSyncDevices.
-
Resolution
WORKAROUND:
To be able to delete the user and the subcontained objects, a new Access Template can be created:
1) On ‘Select object classes to apply permissions on to’ click on: ‘Only the following classes’;
2) Locate and select class: ms-Exch-Active-Sync-Device, ms-Exch-Active-Sync-Devices and ms-Exch-Active-Sync-Device-Autoblock-Threshold:
3) Click ‘Next’ and select Full Control Access from ‘Select Permissions Category’;
4) Apply the newly create AT to the appropriate group.
You can also view other subcontained objects on Users from ActiveRoles Console by using "View" -> "Users and Contacts as Containers".