Re: Active Directory Security permissions

http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/981.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
"Saral6978" <Saral6978@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F93DB912-6901-45DD-9667-179C91144A50@xxxxxxxxxxxxxxxx
I'm having an issue with permissions in Active Directory (specifically, the
security tab of each AD user account). There are 2 accounts in AD that, if
you click on Advanced, have Inheritance checked. I can add explicit
users/groups if necessary and apply permissions and those permissions will
stay put. However, ALL other user accounts in my entire organization have
Inheritance turned off. But, when I add a new user/group to the account, it
will take the change for about 15 minutes, then will revert back to what the
permissions were set to previously. I have tried turning on inheritance for
one of these accounts as a test, and the same thing happens. It accepts it,
but after 5-15 minutes, it reverts back and removes the user/group
permissions that I added and removes the checkmark for the inheritance box.

All of the containers the users are included in are set for Inheritance -
just the individual user accounts are unselected, but they are getting their
settings from somewhere, and I can't figure it out.

I'm not sure why 2 accounts are working properly, and the rest (about 70+)
are set this other way.

Anyone have any ideas? I discovered this after applying an Exchange 2003
patch that affected my Blackberry Server Service Account's ability to send
email from the Blackberry devices (kb 895949). This article stated to go in
and explicitly assign my BesAdmin account with the "Send As" permission to my
BB users. When I try adding this account to any of my users, the account is
automatically removed by some sort of policy that I can't find after a
particular time period.

There is a patch that I can apply, according to Microsoft, but they advise
against it until it is available in Exch2003 SP3. At this point, I'm not
sure if I should just install the patch or figure out why my permissions
won't stay put. I do want to add that when I do add the BesAdmin account and
permission it accordingly to one of my BB user accounts, I can send mail from
my BB until the time that AD removes the permissions that I just added, so I
know if I can keep the BesAdmin in there with the correct permissions that
should solve the problem without applying the patch.

If this makes any sense and anyone has any ideas, I would greatly appreciate
it! Sorry this was so long!

Thanks!
Sara


