RE: New SBS server has disappearing security settings for user in
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Thu, 02 Mar 2006 08:51:14 GMT
Hi Bu7ch,
Thanks for your update.
This issue could be caused by theses users are members of some protected
groups in Windows 2003 server. An Active Directory domain controller that
holds the primary domain controller (PDC) operations master role (also
known as the flexible single master operations role or the FSMO role) runs
a thread every hour to check the access control lists (ACLs) on the
following groups and all of the member objects of these groups:
Enterprise Admins
Schema Admins
Domain Admins
Administrators
Domain Controllers
Cert Publishers
Backup Operators
Replicator Server Operators
Account Operators
Print Operators
If a user account is a member of one of these groups because of its
membership with a distribution group, the user account's ACL is checked
when the thread is run and may be reset to match the ACL of the
AdminSDHolder thread.
To resolve this issue, please remove these users from the above groups.
More information:
Delegated permissions are not available and inheritance is automatically
disabled
http://support.microsoft.com/?id=817433
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: New SBS server has disappearing security settings for user
in
| thread-index: AcY9flhGTmvcOGeTRlmhc1/oau6mhQ==
| X-WBNR-Posting-Host: 65.29.211.216
| From: "=?Utf-8?B?QnU3Y2g=?=" <Bu7ch@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <111AB543-F444-41C8-93A6-B583D3C61B38@xxxxxxxxxxxxx>
<PLjgRyPPGHA.620@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: New SBS server has disappearing security settings for user in
| Date: Wed, 1 Mar 2006 14:20:28 -0800
| Lines: 118
| Message-ID: <7F282920-7206-4C49-959A-5128E7004434@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:248563
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Crina,
|
| I did follow both articles you provided. If I add the two users to the
| mailbox (in ADUC) and give them "send as" rights, these two users will
| disappear within approximately 30 minutes. I found a similar situation on
| GoogleGroups where the two users who were disappearing were power users
but
| this isn't the case here. None of the three users are admins or power
users.
| That situation also seemed to show an ACL preventing the settings from
| staying but I can't find the problem anywhere.
|
|
|
|
| ""Crina Li"" wrote:
|
| > Hi Bu7ch,
| >
| > Thank you for posting in SBS newsgroup.
| >
| > From the description, do you mean you have added a SBS 2003 into an
| > existing Windows 2000 domain following the KB article below?
| >
| > 884453 How to install Small Business Server 2003 in an existing Active
| > Directory domain
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;884453
| >
| > And now the 2 users have disappeared from the Security tab of
Properties of
| > another user. Considering current situation, you can re-add the send as
| > permission to the 2 users as below:
| >
| > 1. Open Active Directory Users and Computers (ADUC).
| > 2. Click View and ensure the Advanced Features option has been
selected.
| > 3. Locate the group mailbox object, right-click another user and then
click
| > Properties.
| > 4. On the Security tab, add the 2 users whom you would like to have
send as
| > permission and grant with Send as permission.
| > 5. Check if the issue still occurs.
| >
| > You can refer to the following KB article:
| >
| > 327000 "Send as" and "Send on behalf" permissions in Exchange 2000
Server
| > and in Exchange Server 2003
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;327000
| >
| > I appreciate your time and look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: New SBS server has disappearing security settings for
user
| > in aduc
| > | thread-index: AcY8fo1Gr9UZmIxrRNSleE1gHq84FQ==
| > | X-WBNR-Posting-Host: 65.29.211.216
| > | From: "=?Utf-8?B?QnU3Y2g=?=" <Bu7ch@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: New SBS server has disappearing security settings for user
in
| > aduc
| > | Date: Tue, 28 Feb 2006 07:49:26 -0800
| > | Lines: 6
| > | Message-ID: <111AB543-F444-41C8-93A6-B583D3C61B38@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:248146
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | A little background: I put in an sbs 2003 server into an existing
win2k
| > | domain per a document provided by Microsoft and things went pretty
well.
| > The
| > | problem is this: two users have the "Send As" right to send as
another
| > user.
| > | I set this up and it worked on Friday. On Monday and today the users
have
| > | disappeared in the security tab of the user in ADUC. Any ideas why
the
| > users
| > | would simply disappear from the permissions?
| > |
| >
| >
|
.
- Follow-Ups:
- References:
- Prev by Date: Re: Migrating from SBS 2k3 to Windows 2003 Stnd
- Next by Date: Re: Problems with Users Exchange Accounts
- Previous by thread: RE: New SBS server has disappearing security settings for user in
- Next by thread: RE: New SBS server has disappearing security settings for user in
- Index(es):
Relevant Pages
|
Loading
