Besadmin disappearing from secuirty tab for on user only


We have an issue where one particular user will not retain the besadmin 'send as' permission. That is to say if we go to the security tab of that particular user and either tick the box to 'inherit from parent...' or manually add besadmin with the 'send as' persmission it appears fine. However after a period if I check the security tab for this account all refeences to besdamin have disappeared. This is only happening for this one user

I did notice documents which suggests there maybe issues if the user was a member of any built in security groups. He was a domain administrator and I have removed him from this any other built in groups days ago. I have also done many BES server reboots, stopped BES router service for 20 minutes and restarted the exchange information store as per other suggestions.

We have BES server 4.0 on a member server. We have SBS 2003 and Exchange has service pack 2 installed.
Please help  -thanks
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi there,

You are probably correct regarding this being related to the user being a member of built in administrative groups.

You say that this user was a Domain Admin, and has since been removed - Is the user a member of any other administrative groups (including nested groups) such as BUILTIN\Administrator, etc..?

If so, as you've suggested, every hour (from memory) the permissions on this object will be reverted.
itfocusAuthor Commented:

Thanks for your response
No he is (and has been for 24 hours) a member of groups only found in the 'mybusiness' OU. He is not a member of any built in groups
itfocusAuthor Commented:
Anybody else got ideas here - this is still an issue for us. Rebooted boxes (both BES and SBS servver) since also
Can you try running gpresult from the command line when this user is logged in?

It will list all of the effective group membership, just to confirm that there's nothing there out of the ordinary.
itfocusAuthor Commented:
Got it myself in the end. The user was a member of domain power users security group. I hadnt realised that this was one of the built in groups and therefore ran into the admindholder issue. Thanks though

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.