Account operators user not able to modify certain users who were part of Account operators group

Question

There were certain users who were part of Account operators group, and now have been removed.
admincount attribute vale has been set to 0 or <notset>

Now users of Accounts operators group are not able to make changes to the users who were previously in the Account operators group

Kindly help

Answer 1

Assign permissions to security groups for resources.

Permissions are different than user rights. Permissions are assigned to the security group for the shared resource. Permissions determine who can access the resource and the level of access, such as Full Control. Some permissions that are set on domain objects are automatically assigned to allow various levels of access to default security groups, such as the Account Operators group or the Domain Admins group.

Security groups are listed in DACLs that define permissions on resources and objects. When assigning permissions for resources (file shares, printers, and so on), administrators should assign those permissions to a security group rather than to individual users. The permissions are assigned once to the group, instead of several times to each individual user. Each account that is added to a group receives the rights that are assigned to that group in Active Directory, and the user receives the permissions that are defined for that group.

Some details here on groups.
https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups#active-directory-default-security-groups-by-operating-system-version

Answer 2

Did you fixed the issue or knew the root cause for it? I am having a similar issue, well, literally the same issue