Solved

Active Directory User Account Permissions Mysteriously Reset

Posted on 2006-06-22
3
283 Views
Last Modified: 2008-02-26
I am having trouble getting permissions set in Active Directory to "Set".  I am setting a permission for a user account to have the "Send As" permission.  what happens is I set the permission and test that it works.  some time later (about an hour or so) I'll get a call that the user cannot on behalf again.  I check the permissions and the one I created has mysteriously disappeared!  this also happens if I use the inherit permissions tickbox, I go back and the tick is removed and the permissions are gone!  p

Please help as this is driving me round the twist.  
0
Comment
Question by:FOSnet
3 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 17010491
It's most likely those users are in protected groups.  Once an hour the DC will compare ACLs on all objects for those objects in admin groups with what is in AdminSDHolder container, if they are different it resets the permission on those objects to what is set on the AdminSDHolder object.

Check out these articles


Description and Update of the Active Directory AdminSDHolder Object

http://support.microsoft.com/?id=232199
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?id=318180
Delegated permissions are not available and inheritance is automatically
disabled
http://support.microsoft.com/?id=817433
AdminSDHolder Object Affects Delegation of Control for Past Administrator
Accounts
http://support.microsoft.com/?id=306398
Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?id=301188
"You do not have sufficient permissions in the Domain" error message occurs
and Exchange Setup does not respond
http://support.microsoft.com/?id=319966
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now