Solved

Active Directory Security Permissions Keep Changing Back Every 35 minutes

Posted on 2006-11-15
3
434 Views
Last Modified: 2008-02-01
Someone please help me before I go insane!!

I am running a domain based network which has several 2003 servers but also a couple of 2000 servers. I am running AD and control all my user accounts within an OU that I have created called "Profiles". Under this OU are other OU's to seperate out the different departments and then we have the actual profile settings.

I am having a problem with 5 profiles that reside in different department OU's in that when I View>Advanced Settings and right click the profile Properties>Security tab and add an account that will have the rights to "Send As" and Recieve As" (for exchange using a BES) and then click apply, 35 minutes later (or thereabouts) I come back to check and the account that I have added here has been removed!

I am not having this problem with any other account that I have done this for other than the 5 that I have mentioned.

The only difference that I can see between these accounts and the accounts that I have no problem with is that when you look at the Security tab of the account profile and clcik advanced in the bottom left hand corner, the tick that allows for inheritable permissions to propergate this object is not ticked and the inherited groups have not been pulled through. If I tick this box and click apply the same thing happens in that after about 35 minutes the tick has been removed and I am back to square one.

As I eluded to above, I need to do this because we are running a Blackberry Enterprise Server.

So someone please let me know what is going on!!!
0
Comment
Question by:flowit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17945855
These users are (or have been at one point) member of a "protected group" (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators, Domain Admins, Schema Admins, Enterprise Admins, Cert Publishers); check here for details:
The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
http://support.microsoft.com/?kbid=907434

Delegated permissions are not available and inheritance is automatically disabled
http://support.microsoft.com/?kbid=817433

AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/?kbid=318180

Security tab of the adminSDHolder object does not display all properties
http://support.microsoft.com/?kbid=301188
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dentrix G4 1 104
Auto Login Script 3 82
Access denied running PowerPivot -SQL Server 2014 on Windows Server 2012 10 65
Active Directory Powershell Script 9 41
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question