Besadmin disappearing from secuirty tab for on user only

Posted on 2008-11-06
Last Modified: 2012-05-05

We have an issue where one particular user will not retain the besadmin 'send as' permission. That is to say if we go to the security tab of that particular user and either tick the box to 'inherit from parent...' or manually add besadmin with the 'send as' persmission it appears fine. However after a period if I check the security tab for this account all refeences to besdamin have disappeared. This is only happening for this one user

I did notice documents which suggests there maybe issues if the user was a member of any built in security groups. He was a domain administrator and I have removed him from this any other built in groups days ago. I have also done many BES server reboots, stopped BES router service for 20 minutes and restarted the exchange information store as per other suggestions.

We have BES server 4.0 on a member server. We have SBS 2003 and Exchange has service pack 2 installed.
Please help  -thanks
Question by:itfocus
    LVL 6

    Expert Comment

    Hi there,

    You are probably correct regarding this being related to the user being a member of built in administrative groups.

    You say that this user was a Domain Admin, and has since been removed - Is the user a member of any other administrative groups (including nested groups) such as BUILTIN\Administrator, etc..?

    If so, as you've suggested, every hour (from memory) the permissions on this object will be reverted.

    Author Comment


    Thanks for your response
    No he is (and has been for 24 hours) a member of groups only found in the 'mybusiness' OU. He is not a member of any built in groups

    Author Comment

    Anybody else got ideas here - this is still an issue for us. Rebooted boxes (both BES and SBS servver) since also
    LVL 6

    Expert Comment

    Can you try running gpresult from the command line when this user is logged in?

    It will list all of the effective group membership, just to confirm that there's nothing there out of the ordinary.

    Accepted Solution

    Got it myself in the end. The user was a member of domain power users security group. I hadnt realised that this was one of the built in groups and therefore ran into the admindholder issue. Thanks though

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now