Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2010 - Permission issues when adding/removing users from Security Groups

Posted on 2013-02-01
2
Medium Priority
?
285 Views
Last Modified: 2013-02-19
Exchange 2010 SP1 server, 2003 DC's. Exisiting Domain Admins have the 'Inherit Permissions...." unchecked - by design. Is it normal for the user account to NOT re-inherit permissions (ie getting that check-box re-checked) when being removed from the Domain Admin's group.
I have ensured AD had replicated between all domains, even waited 24 hours just in case, and I have to manually re-inherit permissions on the user-account in AD. Is that by design, or is there another problem?
0
Comment
Question by:mhdcommunications
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 38844029
Yes.
Even removing them from the group doesn't reinstate the inheritance - it will actually be removed again.
You need to clear a value on the user account called AdminCount on the account. Then reapply the inheritance.

Simon.
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 38906879
Thanks
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question