AD account will not retain permissions

I run a Win 2003 AD enterprise.  I have a user account that will simply not retain permissions that are set on it under the advanced features, security tab in AD Users and Computers.  I check the allow inheritable permissions box under advanced and I also have applied a couple of explicit permissions on this object. I then push out a replication using replmon to make sure the other DC's are updated.  Within 45 mins or so the allow inheritable box is unchecked agaion and the explicit advanced permissions I had set are gone.  I have tried this succesfully wth other users in the same OU and it worked fine.  I have also reviewed this users attributes in ADSI Edit and nothing seems to look wrong - although I do not know every single attribute.  This happened to me a few months ago with another account in a different OU and all I could do was delete and recreate the object.  I'd like to avoid doing that if possible but I am not sure what else I can do or what would cause the object to not retain the permissions settings.  
Who is Participating?
oBdAConnect With a Mentor Commented:
If the user objects in question are (or have been at some point) members of the Administrators group (or another protected group; this can include nested groups!), then that's why. Control over protected groups can by default not be delegated.

Delegated Permissions Are Not Available and Inheritance Is Automatically Disabled

Description and Update of the Active Directory AdminSDHolder Object
mrsmileynsAuthor Commented:
This is very interesting - I am not sure if this user was part of a protected group in the past but it would explain the behavior.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.