Solved

Besadmin disappearing from security tab for one user only

Posted on 2008-11-06
Last Modified: 2012-05-05
Hi

We have an issue where one particular user will not retain the besadmin 'send as' permission. That is to say, if we go to the security tab of that particular user and either tick the box to 'inherit from parent...' or manually add besadmin with the 'send as' permission, it appears fine. However, after a period, if I check the security tab for this account, all references to besadmin have disappeared. This is only happening for this one user.

I did notice documents which suggest there may be issues if the user was a member of any built-in security groups. He was a domain administrator and I have removed him from this and any other built-in groups days ago. I have also done many BES server reboots, stopped the BES router service for 20 minutes and restarted the Exchange information store as per other suggestions.

We have BES server 4.0 on a member server. We have SBS 2003 and Exchange has service pack 2 installed.
Please help - thanks
Question by:itfocus
5 Comments
 
LVL 6

Expert Comment

by:matjm
ID: 22894712
Hi there,

You are probably correct regarding this being related to the user being a member of built in administrative groups.

You say that this user was a Domain Admin, and has since been removed. Is the user a member of any other administrative groups (including nested groups) such as BUILTIN\Administrator, etc.?

If so, as you've suggested, every hour (from memory) the permissions on this object will be reverted.
0
 

Author Comment

by:itfocus
ID: 22894765
Hi

Thanks for your response
No, he is (and has been for 24 hours) a member of groups only found in the 'mybusiness' OU. He is not a member of any built-in groups.
Thanks
0
 

Author Comment

by:itfocus
ID: 22940543
Anybody else got ideas here? This is still an issue for us. Rebooted boxes (both BES and SBS server) since also.
0
 
LVL 6

Expert Comment

by:matjm
ID: 22944951
Can you try running gpresult from the command line when this user is logged in?

It will list all of the effective group membership, just to confirm that there's nothing there out of the ordinary.
0
 

Accepted Solution

by:
itfocus earned 0 total points
ID: 22948163
Got it myself in the end. The user was a member of the domain power users security group. I hadn't realised that this was one of the built-in groups and therefore ran into the AdminSDHolder issue. Thanks though.
0
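A check for the cause found in this thread, as an added example that is not part of the original posts: it reads the account's `adminCount`, tests whether ACL inheritance is blocked, and lists every group flagged `adminCount=1` that contains the user directly or through nesting. It assumes a domain-joined machine with PowerShell and domain controllers that support the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941); the function names are hypothetical.

```powershell
# Added example: hypothetical helper names, not code from the thread.
function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape characters that are special inside an LDAP search filter.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}

function Get-AdminSDHolderExposure([string]$SamAccountName) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher  # current domain
    $searcher.PageSize = 500

    # 1. Locate the account and read adminCount (set to 1 on protected objects).
    $name = ConvertTo-LdapFilterValue $SamAccountName
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "User '$SamAccountName' not found" }
    $dn = [string]$hit.Properties['distinguishedname'][0]
    $adminCount = $null
    if ($hit.Properties.Contains('admincount')) { $adminCount = $hit.Properties['admincount'][0] }

    # 2. True means 'inherit from parent' is unticked on the Security tab.
    $blocked = $hit.GetDirectoryEntry().psbase.ObjectSecurity.AreAccessRulesProtected

    # 3. Groups flagged adminCount=1 that hold the user at any nesting depth.
    #    Not covered: the primary group (it is not stored in 'member').
    #    A group that left a protected group keeps a stale adminCount=1.
    $searcher.Filter = "(&(objectCategory=group)(adminCount=1)" +
        "(member:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $dn)))"
    $groups = @($searcher.FindAll() |
        ForEach-Object { [string]$_.Properties['samaccountname'][0] })

    New-Object PSObject -Property @{
        User               = $SamAccountName
        AdminCount         = $adminCount
        InheritanceBlocked = $blocked
        FlaggedGroups      = $groups
    }
}

# Constructed account name, for illustration only:
# Get-AdminSDHolderExposure -SamAccountName 'jsmith'
```

An empty `FlaggedGroups` list with `AdminCount` still 1 points to a leftover flag: `adminCount` and the blocked inheritance are not cleared automatically when the account leaves a protected group, so both need resetting by hand after the membership is fixed.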
