Solved

Active Directory Security Permissions Keep Changing Back Every 35 minutes

Posted on 2006-11-15
3
431 Views
Last Modified: 2008-02-01
Someone please help me before I go insane!!

I am running a domain based network which has several 2003 servers but also a couple of 2000 servers. I am running AD and control all my user accounts within an OU that I have created called "Profiles". Under this OU are other OU's to seperate out the different departments and then we have the actual profile settings.

I am having a problem with 5 profiles that reside in different department OU's in that when I View>Advanced Settings and right click the profile Properties>Security tab and add an account that will have the rights to "Send As" and Recieve As" (for exchange using a BES) and then click apply, 35 minutes later (or thereabouts) I come back to check and the account that I have added here has been removed!

I am not having this problem with any other account that I have done this for other than the 5 that I have mentioned.

The only difference that I can see between these accounts and the accounts that I have no problem with is that when you look at the Security tab of the account profile and clcik advanced in the bottom left hand corner, the tick that allows for inheritable permissions to propergate this object is not ticked and the inherited groups have not been pulled through. If I tick this box and click apply the same thing happens in that after about 35 minutes the tick has been removed and I am back to square one.

As I eluded to above, I need to do this because we are running a Blackberry Enterprise Server.

So someone please let me know what is going on!!!
0
Comment
Question by:flowit
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 17945855
These users are (or have been at one point) member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now