We have noticed over the past year that some of our users are having permission issues in active directory. Generally, an account has the following permissions.
What we are noticing is several accounts are missing all but 4 of these. If you view the security on the user, you can go to advance, remove all permissions and hit default and all the correct permissions go back. However, in about 5 to 10 minutes, the permissions change back.
The permissions it changes back to is:
Exchange Enterprise Servers
This doesn't matter if the person is a domain user, domain admin, or exchange admin.
I've tried through ASDI edit to force it and it changes back.