This happens when those user accounts are members of some protected groups.
Permissions on and inheritance of permissions of protected groups are
controlled by the AdminSDHolder object under the SYSTEM container. Every
hour a process on the PDC Emulator checks the permission settings of all
protected groups against the permission settings of the AdminSDHolder
object. If there are differences, the permissions/inheritance of the
protected groups are reset to match the permissions/inheritance of the
AdminSDHolder object. This ALSO applies to all users and groups that are
members of those Protected Groups. When some security principal is/has been a
member of the protected group, the ADMINCOUNT attribute is set to 1. This is
the way the PDC Emulator sees what objects to check and eventually to reset
if they have inconsistent permissions/inheritance settings compared to the
AdminSDHolder object.

This one makes you crazy if you don't know about the AdminSDHolder object
and the process on the PDC Emulator FSMO.

For more info see the following articles:
http://support.microsoft.com/?id=817433
http://support.microsoft.com/kb/318180
http://support.microsoft.com/?kbid=232199

Cheers
Jorge
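
One way to check this explanation against a live domain, as an added example that is not part of the original thread: list every object with adminCount=1, whether inheritance is blocked on it, and whether it is still a direct or nested member of a protected group. It assumes the ActiveDirectory PowerShell module is available; the group-name list is an assumption (it differs by OS version and language) and should be adjusted for your domain.

```powershell
# Added example, not from the original thread. Read-only: it changes nothing.
Import-Module ActiveDirectory

# ASSUMPTION: names of the protected groups to test against. The page does not
# list them; edit this for your OS version and language.
$ProtectedGroupNames = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                       'Administrators', 'Account Operators', 'Backup Operators',
                       'Print Operators', 'Server Operators'

# Collect the DN of each protected group plus every direct or nested member.
# 1.2.840.113556.1.4.1941 is the LDAP "matching rule in chain" (transitive) OID.
# Note: membership held only through primaryGroupID is not visible via memberOf,
# and a DN containing ( ) * \ would need LDAP-filter escaping first.
$protectedDns = @{}
foreach ($name in $ProtectedGroupNames) {
    foreach ($group in (Get-ADGroup -Filter "Name -eq '$name'")) {
        $protectedDns[$group.DistinguishedName] = $true
        $filter = "(memberOf:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))"
        Get-ADObject -LDAPFilter $filter |
            ForEach-Object { $protectedDns[$_.DistinguishedName] = $true }
    }
}

# Every object flagged with adminCount=1, with the state of its inheritance flag.
Get-ADObject -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor |
    ForEach-Object {
        [pscustomobject]@{
            DistinguishedName  = $_.DistinguishedName
            ObjectClass        = $_.ObjectClass
            # True means "inherit from parent" is unchecked on the object.
            InheritanceBlocked = $_.nTSecurityDescriptor.AreAccessRulesProtected
            # False means flagged, but no longer in any of the listed groups.
            StillProtected     = $protectedDns.ContainsKey($_.DistinguishedName)
        }
    } |
    Sort-Object StillProtected, DistinguishedName |
    Format-Table -AutoSize
```

Rows with StillProtected False are accounts that carry the flag but are not currently in any of the listed groups, which matches the "is/has been a member" case described above.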


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wilhelmsen Jan
Sent: Wednesday, March 30, 2005 12:17
To: [email protected]
Subject: [ActiveDir] Active directory inheritance checkbox on user object!


Hi!
I have a problem regarding security on user objects. I have an OU called users
and under this I have several other OUs which contain user objects.

In 2 (out of 15) of these child OUs I have some problems with the user
objects. The problem is that for some reason the user objects don't inherit
the permissions from the parent OU. When I go to the user object, security,
advanced and then check the checkbox that it should inherit the permissions
from the parent OU, everything is working as planned, but after a while the
permissions are gone and the inherit checkbox is unchecked.

It seems that this is happening when Active Directory is replicating. I
compared the security settings on other OUs and they all seem the same.

Can anyone give me some clues on how to troubleshoot, monitor or even better
solve this problem?


Med vennlig hilsen / Best regards
 
Jan Wilhelmsen
IT-Technician
 
Bilia Personbil as
Økernveien 115
0510, Oslo
Norway
Tel:  +47 22882546
Mob:+47 95928392
Fax: +47 22970387
Mail: [EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Gmail: [EMAIL PROTECTED]
 
Citrix User Group
http://www.cug.no
[EMAIL PROTECTED]
Visit http://www.cug.no
 
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
