We have a single user object that was created with the same values under ntSecurityDescriptor as all other user objects in the same OU. Yesterday the user had issues, no email, unable to access shared drives, unable to print etc. When we investigated we found over half of the settings under ntSecurityDescriptor had been lost. There is nothing in the event logs/audit to show what, if anything, was done to his account.
I ran Get-ADUser -Filter * -Properties ntSecurityDescriptor|select-ExpandProperty ntSecurityDescriptor
and found many inconsistencies despite user accounts being created to a standard format, apart from domain admins/IT staff.
Is there a default set of values for ntSecurityDescriptor? If so, what is it?
Also, does anyone have any idea how a user object can suddenly lose some of these settings?