Permissions disappear from security tab

msnews.microsoft.com

Hey,

I have a problem.

When I try to give user1 permission to Send As user2, the permission
disappears after 10-60 minutes. I have tried to remove all inherits from
every OU user2 is "member" of. I have tried to create a new test user in a
different place in the domain, but the same happens there.

I hope I make a clear point, and that someone can help.

Regards
Michael Sejersen
IT, administrator
 
Is your second user a member of security-sensitive groups such as domain
Administrators, Domain Admins etc?
 
or look at:
Every hour, the Microsoft Windows domain controller that has the primary
domain controller (PDC) emulator operations master role verifies the ACLs on
members of these administrative groups and compares them to the ACL on the
AdminSDHolder object. If the ACL that is on the AdminSDHolder object is
different, the ACLs on the members of the administrative group are reset to
match the ACL on the AdminSDHolder object.

For more info on the ADMINSDHOLDER object see the following related KB
articles (not all may apply to your situation!)

Description and Update of the Active Directory AdminSDHolder Object
--> MS-KBQ232199 (http://support.microsoft.com/?id=232199)
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
--> MS-KBQ318180 (http://support.microsoft.com/?id=318180)
Delegated permissions are not available and inheritance is automatically
disabled
--> MS-KBQ817433 (http://support.microsoft.com/?id=817433)
AdminSDHolder Object Affects Delegation of Control for Past Administrator
Accounts
--> MS-KBQ306398 (http://support.microsoft.com/?id=306398)
Security tab of the adminSDHolder object does not display all properties
--> MS-KBQ301188 (http://support.microsoft.com/?id=301188)
"You do not have sufficient permissions in the Domain" error message occurs
and Exchange Setup does not respond
--> MS-KBQ319966 (http://support.microsoft.com/?id=319966)
Certification Authority configuration to publish certificates in Active
Directory of trusted domain
--> MS-KBQ281271 (http://support.microsoft.com/?id=281271)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
No, user2 is not a member of a security-sensitive group.


Dmitry Korolyov said:
Is your second user a member of security-sensitive groups such as domain
Administrators, Domain Admins etc?

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Directory Services


 
Okay, slight mistake: user2 was a member of a group that was nested with
administrators. I corrected this problem, and now it works.

Thanks a million for the help, I would never have found this "bug" on my
own.
 
Glad to help :)

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Directory Services
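
A diagnostic for the situation resolved in this thread, as an added example that is not part of any post: it reports whether an account is held under the AdminSDHolder ACL and through which direct group, including nested membership. The function names are hypothetical, and the script assumes the ActiveDirectory PowerShell module and treats any group with adminCount=1 as protected.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Hypothetical helper name. Reports which of a user's direct groups are
# protected, or nested inside a protected group.
function Get-AdminSdHolderExposure {
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties adminCount, memberOf, nTSecurityDescriptor

    # memberOf lists direct memberships only (the primary group is not included).
    $via = foreach ($groupDn in $user.memberOf) {
        $direct = Get-ADGroup -Identity $groupDn -Properties adminCount
        $dn     = ConvertTo-LdapFilterValue $groupDn
        # Matching rule 1.2.840.113556.1.4.1941 makes the DC walk the nesting chain.
        $filter = "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))"
        $chain  = @(
            if ($direct.adminCount -eq 1) { $direct.Name }
            Get-ADGroup -LDAPFilter $filter | ForEach-Object { $_.Name }
        )
        if ($chain.Count -gt 0) { "$($direct.Name) -> $($chain -join ', ')" }
    }

    [pscustomobject]@{
        User                = $user.SamAccountName
        # adminCount is set by the AdminSDHolder process and not cleared when
        # membership ends, so 1 with an empty ProtectedVia means a past member.
        AdminCount          = $user.adminCount
        InheritanceDisabled = $user.nTSecurityDescriptor.AreAccessRulesProtected
        ProtectedVia        = @($via)
    }
}

# Usage, with the thread's placeholder account name:
# Get-AdminSdHolderExposure -Identity user2 | Format-List
```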

