Hoping someone may have a suggestion to point me at.
Our AD is 2008 R2:
Scenario: Go to the OU and open up properties on a user account. Select the Security tab - then click Advanced. Select the Effective Permissions tab and enter in the user name your checking.
If I do this on the Domain Controllers (Any of them) it shows the permissions to be List contents Read all Properties, Read permissions and so on - but only read. If I repeat this very same task on my workstation using ADUC it shows the user with "Everything" except for Full Control and Delete subtree. I have no clue why they would be different. I tried it from 3 desktops using ADUC tools and all are the same. I have told it to use a different domain controller and still the same thing.
Any clue as to what is going on here?
Willis