AD User Objects not retaining security
- From: Jeff <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Mar 2008 08:03:01 -0700
Salutations,
I've run across a strange issue in a Windows 2000 Native AD environment.
There are two Domain Controllers, one is Windows 2000, the other is Server
2003. Server 2003 hosts Exchange 2003.
The issue began when the 2000 DC was hosting all of the FSMO roles. When
new security was added to the security tab of an AD user object, it would
disappear after a period of time, leaving only the SID behind. We don't have
an exact time frame, but it seems to be within an hour.
We went through several layers of troubleshooting, and we've eventually
moved all of the FSMO roles to the 2003 server. Now, the same error seems to
be occuring, but the Security descriptors are completely removed, no SID is
left behind.
I've checked replication with replmon, and ran several dcdiag tests, and
nothing seems out of the ordinary. The only thing I've not explored deeply
is the AdminSDholder object, as described in
http://support.microsoft.com/?id=232199.
I suppose I'm looking for any thoughts as to what else could be causing this
strange issue.
.
- Follow-Ups:
- Re: AD User Objects not retaining security
- From: Jorge Silva
- Re: AD User Objects not retaining security
- From: Ken Aldrich
- RE: AD User Objects not retaining security
- From: Ziad K. Chafi
- Re: AD User Objects not retaining security
- Prev by Date: Problem Setting up Trust
- Next by Date: RE: AD User Objects not retaining security
- Previous by thread: Problem Setting up Trust
- Next by thread: RE: AD User Objects not retaining security
- Index(es):
Relevant Pages
|
