We're having issues with an Windows Server 2008 R2 running AD & Exchange. Permissions are resetting due to AdminSDHolder.
I've found that Domain Users is a member of the Administrators group, when I remove Domain Users it reappears after an hour or so? I've tried restting the AdminCoutn in Attribute Editor back to 0 or <not set> but it just keeps adding the Domain Users group back into Administrators.
I've looked at the following but everything I seem to do it just re-adds the Domain Users group back into Administrators.