• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1009
  • Last Modified:

Besadmin disappearing from secuirty tab for on user only

Hi

We have an issue where one particular user will not retain the besadmin 'send as' permission. That is to say if we go to the security tab of that particular user and either tick the box to 'inherit from parent...' or manually add besadmin with the 'send as' persmission it appears fine. However after a period if I check the security tab for this account all refeences to besdamin have disappeared. This is only happening for this one user

I did notice documents which suggests there maybe issues if the user was a member of any built in security groups. He was a domain administrator and I have removed him from this any other built in groups days ago. I have also done many BES server reboots, stopped BES router service for 20 minutes and restarted the exchange information store as per other suggestions.

We have BES server 4.0 on a member server. We have SBS 2003 and Exchange has service pack 2 installed.
Please help  -thanks
0
itfocus
Asked:
itfocus
  • 3
  • 2
1 Solution
 
matjmCommented:
Hi there,

You are probably correct regarding this being related to the user being a member of built in administrative groups.

You say that this user was a Domain Admin, and has since been removed - Is the user a member of any other administrative groups (including nested groups) such as BUILTIN\Administrator, etc..?

If so, as you've suggested, every hour (from memory) the permissions on this object will be reverted.
0
 
itfocusAuthor Commented:
Hi

Thanks for your response
No he is (and has been for 24 hours) a member of groups only found in the 'mybusiness' OU. He is not a member of any built in groups
Thanks
0
 
itfocusAuthor Commented:
Anybody else got ideas here - this is still an issue for us. Rebooted boxes (both BES and SBS servver) since also
0
 
matjmCommented:
Can you try running gpresult from the command line when this user is logged in?

It will list all of the effective group membership, just to confirm that there's nothing there out of the ordinary.
0
 
itfocusAuthor Commented:
Got it myself in the end. The user was a member of domain power users security group. I hadnt realised that this was one of the built in groups and therefore ran into the admindholder issue. Thanks though
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now