One user can sync his iPhone and not the other. How do you go about troubleshooting that? You can't find any obvious difference between the two accounts. I was in that exact position last night with some two different accounts.
The symptoms was strange. One account worked just fine and no issues connecting an sync his phone. The other could verify his account information but when he tried to sync a folder, contact or calendar, It just stopped with a simple iPhone message "unable to connect to server". iPhones are easy to use until there is a problem. You cant get much out of an error message relayed to you from a user.
The issue was how ever resolved when I discovered that it was the folder sync that returned 500 internal server error on the second user. I went in to the AD and enabled "Advanced Features" in the "View" menu. Then selected properties on the user, enter the "Security" tab, select "Advanced" and make sure that the "Include inheritable permissions from this object's parent" check box is checked.
Great way to do troubleshooting on this type of issues is to use: https://www.testexchangeconnectivity.com/
A while ago I updated an Exchange Server 2007 with the latest service pack for a client. The SP automatically added a new Exchange ActiveSync Mailbox Policy that required the connected devices to be password protected when the screen went dark. It's a good idea for many security reasons but the users didn't like it at all, and the customer is always right. Changed the default policy so password wasn't required anymore and all was good... for a while.
Then the iPhone users started complaining that there auto lock settings was restricted, they could select 1 to 5 minutes but the alternative "Never" was gone. This setting, when password isn't configured, just turns the screen black after a few minutes of inactivity. Again I thought that would be a good thing for many reasons. The iPhone uses enough battery as is. As always if you can't have it you need it, want it and must have it. So I reviewed the settings again. There was a setting called "Time without user input before password must be re-entered (in minutes)" that was set to 15 minutes but it was grayed out. After testing a lot of things I finally executed a powershell command to solve the issue. Then I noticed that the grayed out option had changed to 0 minutes. So I tested to just check the "Require password" check box bringing all the grayed out options back, setting the timeout to 5 minutes, unchecking the "Require password" option, again graying out the setting I just change, then apply. Then the "Never" option disappeared from the iPhone again. So MS did it again, messed up the GUI, a grayed out option shouldn't effect anything.
Thank god for powershell so you can get down with the software properly!
Hope the pictures give you a clear picture of what I mean. If you have any questions hit me with a comment and I will try to answer your questions.