[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Active Directory User Account Permissions Mysteriously Reset

I am having trouble getting permissions set in Active Directory to "Set".  I am setting a permission for a user account to have the "Send As" permission.  what happens is I set the permission and test that it works.  some time later (about an hour or so) I'll get a call that the user cannot on behalf again.  I check the permissions and the one I created has mysteriously disappeared!  this also happens if I use the inherit permissions tickbox, I go back and the tick is removed and the permissions are gone!  p

Please help as this is driving me round the twist.  
0
FOSnet
Asked:
FOSnet
1 Solution
 
PberSolutions ArchitectCommented:
It's most likely those users are in protected groups.  Once an hour the DC will compare ACLs on all objects for those objects in admin groups with what is in AdminSDHolder container, if they are different it resets the permission on those objects to what is set on the AdminSDHolder object.

Check out these articles


Description and Update of the Active Directory AdminSDHolder Object

http://support.microsoft.com/?id=232199
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?id=318180
Delegated permissions are not available and inheritance is automatically
disabled
http://support.microsoft.com/?id=817433
AdminSDHolder Object Affects Delegation of Control for Past Administrator
Accounts
http://support.microsoft.com/?id=306398
Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?id=301188
"You do not have sufficient permissions in the Domain" error message occurs
and Exchange Setup does not respond
http://support.microsoft.com/?id=319966
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now