Active Directory User Account Permissions Mysteriously Reset

I am having trouble getting permissions set in Active Directory to "Set".  I am setting a permission for a user account to have the "Send As" permission.  what happens is I set the permission and test that it works.  some time later (about an hour or so) I'll get a call that the user cannot on behalf again.  I check the permissions and the one I created has mysteriously disappeared!  this also happens if I use the inherit permissions tickbox, I go back and the tick is removed and the permissions are gone!  p

Please help as this is driving me round the twist.  
FOSnetAsked:
Who is Participating?
 
PberConnect With a Mentor Solutions ArchitectCommented:
It's most likely those users are in protected groups.  Once an hour the DC will compare ACLs on all objects for those objects in admin groups with what is in AdminSDHolder container, if they are different it resets the permission on those objects to what is set on the AdminSDHolder object.

Check out these articles


Description and Update of the Active Directory AdminSDHolder Object

http://support.microsoft.com/?id=232199
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?id=318180
Delegated permissions are not available and inheritance is automatically
disabled
http://support.microsoft.com/?id=817433
AdminSDHolder Object Affects Delegation of Control for Past Administrator
Accounts
http://support.microsoft.com/?id=306398
Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?id=301188
"You do not have sufficient permissions in the Domain" error message occurs
and Exchange Setup does not respond
http://support.microsoft.com/?id=319966
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.