Got a really odd issue in AD. We are about to deploy Lync and have found that around 50% of all user accounts are set to not inherit permissions from the parent. We change this and less than an hour later it is unchecked again, making it impossible to apply permissions and making changes on these accounts consistently. AdminCount on these accounts is either set to 0 or null. they are not members of protected groups and have never been. They are not members of groups that are nested into protected groups either.
The users do not seem to have any commonality either, different departments, different sites, different countries. two people sat next to each other started almost at the same time and one is fine and the other is not.
Has anyone seen this before. To me it looks as though there is an ldap query running somewhere that is selecting this group of users, based on god knows what criteria, and applying permissions and removing inheritence. But as this is only affecting our European domain and not Asia or North America then something must be running, but I cannot find what or where.
I'm at a loss on my old friend google I cannot find anything at all, I am hoping however you guys might be able to help out.