Greetings,
I've uncovered a weird situation where I have a couple accounts that are not maintaining their security settings. Specifically, I have accounts that I need to allow user1 to 'Send As' (via Exchange 2010). So, I go into the account with in ADUC and make sure that the 'Include inheritable permissions from the object's parent' is checked. In this case, it is not, so I check it and hit 'Apply'. Then, within Exchange EMC, I go into 'Manage Send As Permissions and add the existing user. All seems fine. Then, within a matter of minutes, the user no longer has any rights to the mailbox and the 'Include Inheritable...' check box is cleared. It really acts like someone else has the same account open within AD and is saving changes after I do, thus overwriting them. I know that is not happening. But I am wondering if there is something that I should be looking for on my DCs that may suggest a problem Are there Event Viewer logs or Replmon logs that I need to look at? I've gone through the logs, but am not finding anything obvious. I have a native 2008 functionality level.
I appreciate any assistance.
Thanks,
Jeremy
Depending on what group/s you are adding it might be removing permisisons based on the Active Directory AdminSDHolder Protected Groups.
Take a look at the article below for more in depth detail.
AdminSDHolder Protected Group
Will.