FaridAhmedov-2942 asked FaridAhmedov-2942 edited

delegate permission not working

Hi everyone, we delegated permission in AD to the user "Test1". Test1 needs to change passwords for all users in the OU "IT". On two individual users this is not working, because in Security we cannot find the "Test1" user, and for these users we can see that inheritance is disabled. After we enabled inheritance it worked normally, but after about 15-30 minutes inheritance goes back to the disabled state and the user cannot access. We also tried to add the user manually in Security, but after some time it was the same.

windows-active-directory

1 Answer

GaryReynolds answered FaridAhmedov-2942 commented

Hi @FaridAhmedov-2942

It sounds like the accounts are members of a protected group and the SDProp process is applying the SDAdminHolder permissions to users. Check out this post on how to determine if the account is being protected.

Gary.


Thanks a lot, you are right, I found the attribute "admin count 1".

The recommendation is to not add any mailbox-enabled account to an elevated group, and permission inheritance won't be disabled.


Thanks

As a solution, I will use another account for my admin work.

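One way to run the check from the answer across the whole OU, as an added example that is not part of the original thread: it lists every user with `adminCount=1`, shows whether inheritance is blocked on the object, and names the protected groups the user belongs to (directly or through nesting). The OU distinguished name and the function name `Get-ProtectedUserReport` are assumptions; the ActiveDirectory module (RSAT) must be installed.

```powershell
# Added example, not code from the thread.
# Assumption: placeholder DN for the "IT" OU; replace with the real one.
Import-Module ActiveDirectory
$SearchBase = 'OU=IT,DC=example,DC=com'

function Get-ProtectedUserReport {
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADUser -SearchBase $SearchBase -LDAPFilter '(adminCount=1)' `
               -Properties adminCount, nTSecurityDescriptor |
    ForEach-Object {
        # Escape characters that are special inside an LDAP filter value.
        $dn = $_.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                   -replace '\(', '\28' -replace '\)', '\29'

        # Protected groups carry adminCount=1 themselves. The matching rule
        # 1.2.840.113556.1.4.1941 walks nested membership, so indirect
        # membership is found too. Primary-group membership is not stored in
        # the member attribute and is therefore not detected here.
        $groups = Get-ADGroup -LDAPFilter `
            "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))"

        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            # True means inheritance is blocked on the user object, which is
            # why a delegation set on the OU never reaches it.
            InheritanceDisabled = $_.nTSecurityDescriptor.AreAccessRulesProtected
            ProtectedGroups     = ($groups.Name | Sort-Object) -join '; '
            Status              = if ($groups) {
                'Protected: ACL is reset on every SDProp run'
            } else {
                'No protected group found: adminCount may be left over'
            }
        }
    }
}

Get-ProtectedUserReport -SearchBase $SearchBase | Format-Table -AutoSize -Wrap
```

For accounts reported as protected, re-enabling inheritance or adding an ACE by hand does not last, which matches the behaviour described in the question; the delegation only holds once the account is out of the listed groups or the admin work moves to a separate account.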