Windows Server 2003/2008 R2 AD Group Adds at Random to Builtin\Administrators

view full story

http://serverfault.com – We're having a strange problem that we can't fathom out. We have inherited a 2003 FFL/DFL domain that has a mix of 2008 R2 and 2003 DC's. The Workstation Admins group was in Builtin\Administrators, not great I know. We removed said group from the elevated permissions only to find it had returned the next day. Checking the permissions on the group Builtin\Aministrators only Domain Admins can affect it, as it should be. We used the repadmin to track down when the change happened: repadmin /showobjmeta DC01 "CN=Administrators,CN=Builtin,DC=Domain,DC=co,DC=uk" This showed us where and when the (HowTos)