I have created a non-admin user and enabled "Account is trusted for delegation". Then I create a OU to which I assign delegation rights to that non-admin user. I unchecked policy inheritance, and proceed to create a domain admin account in the aforementioned OU. When the non-admin user attempt to exercise it's delegated rights all is well and the admin is being managed. About 1 day later, apparently after replication to other domain controllers, the right seems to be gone and the non-admin can no longer manage the admin, however if I create a new admin in the OU, I can manage it(for about 24 hours)...... Does anyone have some suggestions on how to get to the bottom of this? Thanks in advance for the help.