Most Exchange migrations I might find 1-2 of these that can be addressed as one off issues, but today I had customer that had a lot more than usual.
I searched for a good adsiedit, ldp, or other query - no good, its an ACL, not an AD user object property, I did find some .NET examples that I did not want to venture down that road.
And then, I found admondify.net:
This requires a PSS call (or google) to download. Not an install, just an unzip and use utility.
Click Modify Attributes
Select domain, select a DC, Hit the big green arrow
Then select the root or OU you want and enter a custom LDAP query of (objectClass=*) and select add to list
Then Ctrl-a or control select user objects and hit next.
Then you can go to the account tab (normally would be security->advanced in ADUC) and finally select the "allow inheritable permissions to propagate to this object" checkbox and go.
Quick, easy, and best of all, whatever you do generates an XML log file that you can also use to "undo" your changes!