BlackBerry Forums Support Community


poly14 04-19-2007 12:40 PM

Not able to send e-mails because I am member of domains admins security group
 
I am a member of the Domain Admins security group, as I am an administrator for the domain. How am I supposed to be able to send e-mails from my BlackBerry? If you add the BESAdmin account and give it Send As permission, within 5 minutes it is gone due to security stuff inside Exchange 2003 SP2. Any help would be great.

exx 04-19-2007 01:00 PM

http://www.blackberryforums.com/bes-...directory.html

1. Open AD Users and Computers
2. Select View and Advanced Settings
3. Create a Domain Local Security group at the highest OU level that contains the user accounts that have BlackBerrys.
4. Add these users as members of the group.
5. Go to the Security Tab for the group.
6. Click Advanced Permissions button.
7. Click Add and select the account that you use as your BES service account.
8. On the Permissions page change the drop down for Apply Onto to read User Objects
9. Then set Send As and Read permissions
10. Make sure the Apply These Permissions to Objects Within This Container box is unchecked.
11. Click Ok out of all the permissions pages.
12. Then restart the Exchange System Attendant to refresh the permissions cache.
13. You'll now find that the permission is inherited by all your BB users and it will now stick.

To add... I believe this is also required:
dsacls "cn=AdminSDHolder,cn=System,dc=domain,dc=com" /G "domain.com\BlackBerrySA:CA;Send As"

I don't believe the Domain Local group step is necessary to resolve the Domain Admins issue you're having, that should be taken care of by dsacls on the AdminSDHolder. But, having that group is still a very good idea which will save you from having to set the Send As permission manually on users.
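
An added example, not part of the thread or any poster's code: an ACE placed on AdminSDHolder is applied to every protected account, so the Python below audits an SDDL export of that object's DACL and lists which trustees hold Send As. The domain SID, the RID 1105 standing in for the BES service account and the sample DACL are constructed for illustration.

```python
import re

SEND_AS = "ab721a54-1e2f-11d0-9819-00aa0040529b"  # rightsGuid of the Send-As extended right
DS_CONTROL_ACCESS = 0x100                          # access-mask bit behind the SDDL code "CR"

def codes(field):
    """Split a run of two-letter SDDL codes (flags or rights) into a set."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def dacl_aces(sddl):
    """Return every DACL ACE in an SDDL string as its list of ';'-separated fields."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    return [a.split(";") for a in re.findall(r"\(([^()]*)\)", dacl.group(1))] if dacl else []

def has_control_access(rights):
    """True when the rights field carries control access (extended rights)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & DS_CONTROL_ACCESS)
    return bool(codes(rights) & {"CR", "GA"})

def send_as_grants(sddl, expected=()):
    """List (trustee, scope) for allow ACEs that confer Send As on the object itself.
    Trustees in `expected` are skipped; they are compared as literal SDDL strings."""
    found = []
    for ace in dacl_aces(sddl):
        if len(ace) < 6:
            continue
        ace_type, flags, rights, obj_guid, _, trustee = ace[:6]
        if ace_type not in ("A", "OA") or "IO" in codes(flags):
            continue  # deny ACEs and inherit-only ACEs grant nothing on this object
        if trustee in expected or not has_control_access(rights):
            continue
        if obj_guid.lower() == SEND_AS:
            found.append((trustee, "Send As"))
        elif not obj_guid:
            found.append((trustee, "all extended rights"))
    return found

# Constructed sample: a made-up domain SID and a cut-down AdminSDHolder-style DACL.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SDDL = (
    f"O:{DOM}-512G:{DOM}-512D:PAI"
    f"(A;;CCDCLCSWRPWPLOCRRCWDWO;;;{DOM}-512)"           # Domain Admins
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)"               # SYSTEM
    "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"  # Change Password, Everyone
    f"(OA;;CR;{SEND_AS};;{DOM}-1105)"                    # hypothetical BES service account
)

if __name__ == "__main__":
    for trustee, scope in send_as_grants(SAMPLE_SDDL, expected={f"{DOM}-512", "SY"}):
        print(f"{trustee}: {scope}")
```

Passing the built-in admin principals in `expected` leaves only the additional trustees, which is the list to review after a change like the `dsacls` one above.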

DarienA 04-20-2007 09:34 AM

I am absolutely amazed that there are still people dealing with this particular issue.

mdaughtry 07-26-2007 02:51 PM

Same Here, I did this....
 
Resolution:

ADMINSDHOLDER object permission change for BES Users in Protect group

1] Added BESAdmin account at domain level and gave Send As permission so that the normal BlackBerry users are able to send mails.

2] Since we had a number of users who were members of a protected group and creating separate accounts for those users was not feasible for you, we checked “Allow inheritable permissions” option for ADMINSDHOLDER.

Related KB Articles:
Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003


hdawg 07-26-2007 02:58 PM

You remove your user account from the Domain Admins group, create a regular user account that you use for all of your non-administrative functions (including your BlackBerry) and use a domain admin account for when you need to be an administrator.

Principle of least privilege

Live it, love it, learn it!

tduffy 07-26-2007 04:16 PM

Quote:

Originally Posted by hdawg (Post 614035)
You remove your user account from the Domain Admins group, create a regular user account that you use for all of your non-administrative functions (including your BlackBerry) and use a domain admin account for when you need to be an administrator.

Principle of least privilege

Live it, love it, learn it!

You said it. The account you use every day as a normal user should never be a member of the Domain Admins or any other Active Directory administrative group.

