Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 440
  • Last Modified:

Active Directory Security Permissions Keep Changing Back Every 35 minutes

Someone please help me before I go insane!!

I am running a domain based network which has several 2003 servers but also a couple of 2000 servers. I am running AD and control all my user accounts within an OU that I have created called "Profiles". Under this OU are other OU's to seperate out the different departments and then we have the actual profile settings.

I am having a problem with 5 profiles that reside in different department OU's in that when I View>Advanced Settings and right click the profile Properties>Security tab and add an account that will have the rights to "Send As" and Recieve As" (for exchange using a BES) and then click apply, 35 minutes later (or thereabouts) I come back to check and the account that I have added here has been removed!

I am not having this problem with any other account that I have done this for other than the 5 that I have mentioned.

The only difference that I can see between these accounts and the accounts that I have no problem with is that when you look at the Security tab of the account profile and clcik advanced in the bottom left hand corner, the tick that allows for inheritable permissions to propergate this object is not ticked and the inherited groups have not been pulled through. If I tick this box and click apply the same thing happens in that after about 35 minutes the tick has been removed and I am back to square one.

As I eluded to above, I need to do this because we are running a Blackberry Enterprise Server.

So someone please let me know what is going on!!!
0
flowit
Asked:
flowit
1 Solution
 
oBdACommented:
These users are (or have been at one point) member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now