I guess it is the ADMINSDHOLDER object that is bugging you... Every hour, the Microsoft Windows domain controller that has the primary domain controller (PDC) emulator operations master role verifies the ACLs on members of these administrative groups and compares them to the ACL on the AdminSDHolder object. If the ACL that is on the AdminSDHolder object is different, the ACLs on the members of the administrative group are reset to match the ACL on the AdminSDHolder object. For more info on the ADMINSDHOLDER object see the following related KB articles (not all may apply to your situation!) Description and Update of the Active Directory AdminSDHolder Object --> MS-KBQ232199 (http://support.microsoft.com/?id=232199) AdminSDHolder Thread Affects Transitive Members of Distribution Groups --> MS-KBQ318180 (http://support.microsoft.com/?id=318180) Delegated permissions are not available and inheritance is automatically disabled --> MS-KBQ817433 (http://support.microsoft.com/?id=817433) AdminSDHolder Object Affects Delegation of Control for Past Administrator Accounts --> MS-KBQ306398 (http://support.microsoft.com/?id=306398)
Jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Aguilar, Louis Sent: Wed 2006-02-01 23:06 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Permissions are resetting Everyone, I've come across a problem with permissions in Active Directory. When I modify a permission on a user account or when I delegate control to a user group the permission reset to the original setting. I've done some research, but have come up with nothing. Any input is appreciated. Please note that I'm running 2003 in Native Mode. Thanks, Louis NOTICE OF CONFIDENTIALITY This message, including attachments, is from Family Health Partners. This message contains information that may be confidential and protected by HIPAA Privacy Regulations. If you are not the intended recipient, promptly delete this message and notify the sender of the delivery error by return e-mail or call the FHP Compliance Department at 816-234-3946. You may not forward, print, copy, distribute or use the information in this message if you are not the intended recipient. ________________________________ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>