Solved

Active Directory Security Permissions Keep Changing Back Every 35 minutes

Posted on 2006-11-15
3
432 Views
Last Modified: 2008-02-01
Someone please help me before I go insane!!

I am running a domain based network which has several 2003 servers but also a couple of 2000 servers. I am running AD and control all my user accounts within an OU that I have created called "Profiles". Under this OU are other OU's to seperate out the different departments and then we have the actual profile settings.

I am having a problem with 5 profiles that reside in different department OU's in that when I View>Advanced Settings and right click the profile Properties>Security tab and add an account that will have the rights to "Send As" and Recieve As" (for exchange using a BES) and then click apply, 35 minutes later (or thereabouts) I come back to check and the account that I have added here has been removed!

I am not having this problem with any other account that I have done this for other than the 5 that I have mentioned.

The only difference that I can see between these accounts and the accounts that I have no problem with is that when you look at the Security tab of the account profile and clcik advanced in the bottom left hand corner, the tick that allows for inheritable permissions to propergate this object is not ticked and the inherited groups have not been pulled through. If I tick this box and click apply the same thing happens in that after about 35 minutes the tick has been removed and I am back to square one.

As I eluded to above, I need to do this because we are running a Blackberry Enterprise Server.

So someone please let me know what is going on!!!
0
Comment
Question by:flowit
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 17945855
These users are (or have been at one point) member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now