Users can only connect to exchange 2010 mailboxes only if they're a member of Domain Admins group.

I recently started a new job and I'm stepping on all kinds of land mines and blind spots. One of the land mines..... All users in the domain are members of Domain Admins and if removed they loose access to respective Exchange 2010 Mailbox.  I've searched the web on the issue and everyone points at "removing the Deny Access for Domain Admins" not sure if that is the solution... Anyways ran the follwing command on EMS and got the follwing result..

So again issue at hand...I cant get the users to connect to the mailbox or webmail if I remove them from domain admins group. They get propted for their user name and pssword and not allowed.

Apprisciate your help everyone.

[PS] C:\Windows\system32>get-organizationconfig | get-adpermission | ?{$_.Deny.IsPresent -eq $true} | sort user | ft use
r,deny,isinherited,extendedrights -autosize

User                             Deny IsInherited ExtendedRights
----                             ---- ----------- --------------
NT AUTHORITY\Authenticated Users True       False
\Administrator              True       False {Send-As}
\Administrator              True       False {Receive-As}
\Domain Admins              True       False {ms-Exch-EPI-Impersonation}
\Domain Admins              True       False {ms-Exch-Store-Transport-Access}
\Domain Admins              True       False {ms-Exch-Store-Constrained-Delegation}
\Domain Admins              True       False {ms-Exch-EPI-Token-Serialization}
\Domain Admins              True       False {Receive-As}
\Domain Admins              True       False {Send-As}
\Domain Admins              True       False {ms-Exch-Store-Read-Access}
\Domain Admins              True       False {ms-Exch-Store-Read-Write-Access}
\Enterprise Admins          True       False {ms-Exch-Store-Constrained-Delegation}
\Enterprise Admins          True       False {Send-As}
\Enterprise Admins          True       False {ms-Exch-Store-Read-Write-Access}
\Enterprise Admins          True       False {ms-Exch-Store-Read-Access}
\Enterprise Admins          True       False {ms-Exch-Store-Transport-Access}
\Enterprise Admins          True       False {ms-Exch-EPI-Token-Serialization}
\Enterprise Admins          True       False {Receive-As}
\Organization Management    True       False {ms-Exch-EPI-Impersonation}
\Organization Management    True       False {Receive-As}
\Organization Management    True       False {Send-As}
\Organization Management    True       False {ms-Exch-EPI-Token-Serialization}
\Schema Admins              True       False {ms-Exch-EPI-Token-Serialization}
\Schema Admins              True       False {ms-Exch-EPI-Impersonation}

[PS] C:\Windows\system32>