AD account will not retain permissions
Posted on 2006-06-08
I run a Win 2003 AD enterprise. I have a user account that will simply not retain permissions that are set on it under the advanced features, security tab in AD Users and Computers. I check the allow inheritable permissions box under advanced and I also have applied a couple of explicit permissions on this object. I then push out a replication using replmon to make sure the other DC's are updated. Within 45 mins or so the allow inheritable box is unchecked agaion and the explicit advanced permissions I had set are gone. I have tried this succesfully wth other users in the same OU and it worked fine. I have also reviewed this users attributes in ADSI Edit and nothing seems to look wrong - although I do not know every single attribute. This happened to me a few months ago with another account in a different OU and all I could do was delete and recreate the object. I'd like to avoid doing that if possible but I am not sure what else I can do or what would cause the object to not retain the permissions settings.