You have a user account that belongs to the InetOrgPersonobject class in a Microsoft Exchange Server 2010 environment.
You use the account to access a mailbox by using a Microsoft Exchange ActiveSync device.
You try to synchronize the mailbox on the device to an Exchange Mailbox server.
In this scenario, the synchronization process fails. Additionally, the following event is logged in the Application log on the Exchange Server 2010 Client Access server:
Source: MSExchange ActiveSync Event ID: 1053 Description: Exchange ActiveSync doesn't have sufficient permissions to create the "CN=UserName,OU=OUName,DC=Domain,DC=com" container under Active Directory user "Active Directory operation failed on DCName.domain.com. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0". Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
This issue occurs because the InetOrgPerson object does not have necessary permissions to perform the synchronization process.
To resolve this issue, install Exchange Server 2010 Service Pack 3 (SP3) on the Exchange Server 2010 servers. For more information about Exchange Server 2010 SP3, click the following article number to view the article in the Microsoft Knowledge Base:
2808208 Description of Exchange Server 2010 Service Pack 3
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about event ID 1053, go to the following ldap389 website:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.