<div>
This is very interesting - I am not sure if this user was part of a protected group in the past but it would explain the behavior.
</div>


This is very interesting - I am not sure if this user was part of a protected group in the past but it would explain the behavior.

<div>
<div class="content wysiwyg-content">
I run a Win 2003 AD enterprise. &nbsp;I have a user account that will simply not retain permissions that are set on it under the advanced features, security tab in AD Users and Computers. &nbsp;I check the allow inheritable permissions box under advanced and I also have applied a couple of explicit permissions on this object. I then push out a replication using replmon to make sure the other DC's are updated. &nbsp;Within 45 mins or so the allow inheritable box is unchecked agaion and the explicit advanced permissions I had set are gone. &nbsp;I have tried this succesfully wth other users in the same OU and it worked fine. &nbsp;I have also reviewed this users attributes in ADSI Edit and nothing seems to look wrong - although I do not know every single attribute. &nbsp;This happened to me a few months ago with another account in a different OU and all I could do was delete and recreate the object. &nbsp;I'd like to avoid doing that if possible but I am not sure what else I can do or what would cause the object to not retain the permissions settings. &nbsp;
</div>
</div>


I run a Win 2003 AD enterprise.  I have a user account that will simply not retain permissions that are set on it under the advanced features, security tab in AD Users and Computers.  I check the allow inheritable permissions box under advanced and I also have applied a couple of explicit permissions on this object. I then push out a replication using replmon to make sure the other DC's are updated.  Within 45 mins or so the allow inheritable box is unchecked agaion and the explicit advanced permissions I had set are gone.  I have tried this succesfully wth other users in the same OU and it worked fine.  I have also reviewed this users attributes in ADSI Edit and nothing seems to look wrong - although I do not know every single attribute.  This happened to me a few months ago with another account in a different OU and all I could do was delete and recreate the object.  I'd like to avoid doing that if possible but I am not sure what else I can do or what would cause the object to not retain the permissions settings.  

AD account will not retain permissions

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).