[ExchangeList] Re: Active directory permissions

  • From: "Rich Gallo" <RGallo@xxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 2 May 2006 13:13:56 -0400

  

There are groups in AD in which you can't change the permissions of the
membership (in other words, if users are a member of the Domain Admins
group, changing permissions at that group level usually won't take and
will remove anything that you add or change).  I believe this happens
with all built-in groups such as Domain Admins.  

 

Let me try to give you an example:

 

You are trying to give User A the Send As permission for another user,
User B.  So you go into User B and add User A's account and assign the
appropriate permissions.  15 minutes later, you go in to User B's
permissions and find that User A was "mysteriously" removed.  Why did
this happen??  There is a process that runs in AD that checks all the
permissions in specified groups (I know Domain Admins is one of them,
not sure of the others).  If anything doesn't jive with what it should
be, permissions are reverted back to their original state.  Why does
this affect User B you ask??  Well, User B is somehow a member of the
Domain Admins group or some other group that this AD process affects.
If you don't know the exact group membership of a user, you may have to
do some investigative work to find out and remove that user.  FUN!

 

 

I hope that helps a little.  Anyone agree with me, as I may not be
explaining this correctly.... :-) 

 

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Sohail Malik
Sent: Tuesday, May 02, 2006 12:36 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Active directory permissions

 

Hi All

 

I am facing with a strange issue at the moment with AD, I have noticed
that in one of my admin account permission settings

 has every one group with change password permission with two unknown
accounts  (scary aint) I have tried removing the accounts and every one
group from the security settings but after a while it  revert back  to
same old settings.. Please help.

 

 

 

  SWIIS UK LTD

  Sohail Malik

   IT Analyst

   e:sohail.malik@xxxxxxxxx

GIF image

Other related posts: