Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Active Directory Security Permissions Keep Changing Back Every 35 minutes

Posted on 2006-11-15
3
Medium Priority
?
438 Views
Last Modified: 2008-02-01
Someone please help me before I go insane!!

I am running a domain based network which has several 2003 servers but also a couple of 2000 servers. I am running AD and control all my user accounts within an OU that I have created called "Profiles". Under this OU are other OU's to seperate out the different departments and then we have the actual profile settings.

I am having a problem with 5 profiles that reside in different department OU's in that when I View>Advanced Settings and right click the profile Properties>Security tab and add an account that will have the rights to "Send As" and Recieve As" (for exchange using a BES) and then click apply, 35 minutes later (or thereabouts) I come back to check and the account that I have added here has been removed!

I am not having this problem with any other account that I have done this for other than the 5 that I have mentioned.

The only difference that I can see between these accounts and the accounts that I have no problem with is that when you look at the Security tab of the account profile and clcik advanced in the bottom left hand corner, the tick that allows for inheritable permissions to propergate this object is not ticked and the inherited groups have not been pulled through. If I tick this box and click apply the same thing happens in that after about 35 minutes the tick has been removed and I am back to square one.

As I eluded to above, I need to do this because we are running a Blackberry Enterprise Server.

So someone please let me know what is going on!!!
0
Comment
Question by:flowit
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 17945855
These users are (or have been at one point) member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question