edwalters
asked on
Exchange Domain Servers Inheritance Block
I asked a question about how to solve the Permissions inheritance block on Exchange Domain Servers Group Object
Access control list (ACL) inheritance is blocked for the Exchange Domain Servers group object in domain 'laxeypartners.com' (CN=Exchange Domain Servers,CN=Users,DC=laxeyp
....a while ago and I got an answer which confirmed what I had to do, basically tick the box so the Group inherited from it's parent.
I did that and the Exchange 2010 BPA stopped complaining, however on running it again a few hours later, it's back to complaining about it until I re tick the inheritance box.
So my question now is, why does it keep reverting back to the unticked state?
Access control list (ACL) inheritance is blocked for the Exchange Domain Servers group object in domain 'laxeypartners.com' (CN=Exchange Domain Servers,CN=Users,DC=laxeyp
....a while ago and I got an answer which confirmed what I had to do, basically tick the box so the Group inherited from it's parent.
I did that and the Exchange 2010 BPA stopped complaining, however on running it again a few hours later, it's back to complaining about it until I re tick the inheritance box.
So my question now is, why does it keep reverting back to the unticked state?
ASKER
Not sure about what that meant, however I have checked who is a member of the Exchange Domain Servers group and it is only the current Exchange Servers int he organisation.
We have 1 2008 DC and two 2003 DC. I've tried applying the Inheritance change tot he 2008 DC and the 2003 DC first, but either way the permissions revert after about 1 hour.
We have 1 2008 DC and two 2003 DC. I've tried applying the Inheritance change tot he 2008 DC and the 2003 DC first, but either way the permissions revert after about 1 hour.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think the problem was (as you suggest) the Exchange Domain Servers was a member of Domain Admins. I've removed it from there and the permissions seem to be holding now. i'll check again on Monday and award the points and close the call.
Thanks
Ed
Thanks
Ed
yea exactly if it is member of any AD protected groups inheritance will be removed periodically
i.e. is your exchange server member of domain admins, administrators, enterprise admins etc...