Exchange 2010 permissions not inherited correctly

Had some trouble with the “Include Inheritable Permissions From This Object’s Parent” checkbox becomes unchecked every hour(?). This is normally done when a user is member of the Domain Admins, Enterprise Admins or the Administrators Active Directory groups. Normally removing the membership of the administrator groups will work, but if the user is not member of one of those groups you need to edit th adminCount attribute via AdsiEdit.
You can do this as follows;
Using ADSIEDIT.MSC browse to the user object and look for “adminCount” and set it either to <not set>.

Just a quick tip with thanks to an answer on

Note, setting the value to zero is not working for me, setting the value to <not set> looks fine.

While troubleshooting a colleague pointed out the following blog. this really interesting blog is in dutch.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

TechEd 2011 Session recordings available

Next Post

CEP Configuration Manager 2012 Hierarchy Technical Overview summary

Related Posts