Inheritable permissions on AD users are automatically disabled.

If you need to enable inheritable permissions on some AD users and after enabling it you constantly find them disabled in a hour or so, you can enable inheritance on  the adminSDHolder container by using Active Directory Users and Computers. The path of the adminSDHolder container is CN=adminSDHolder,CN=System,DC=,DC= 
Note If you use Active Directory Users and Computers, make sure that Advanced Features is selected on theView menu. 
To enable inheritance on the adminSDHolder container:
  1. Right-click the container, and then click Properties.
  2. Click the Security tab.
  3. Click Advanced.
  4. Click to select the Allow Inheritable permissions to propagate to this object and all child objectscheck box .
  5. Click OK, and then click Close.
This is a workaround and not the ideal solution, read more about it here:

No comments:

Post a Comment