It was brought to my attention that following the steps listed in KB327000 (http://support.microsoft.com/?kbid=327000), which applies to Exchange 2000 and 2003, to assign a user "Send As" permissio...
Updated Jul 01, 2019
Version 2.0
Blog Post
Hmm, I do not know of anything off the top of my head that would be doing this.
I would start investigating this by enabling "Object Access" auditing for the Active Directory Objects. You will have to go in and edit the default GPO for the domain controllers to enable success auditing for Object Access. After this setting has taken affect, you will then need to view the "Security" tab of the user in question and adding a new auditing entry to audit any writes to the user object. Once that is completed, whenever the specific object is modified you should see a 566 event being logged in the Security Log of the Event Viewer. This should give you some good information on who/what is modifying the object and what is being modified.
I would start investigating this by enabling "Object Access" auditing for the Active Directory Objects. You will have to go in and edit the default GPO for the domain controllers to enable success auditing for Object Access. After this setting has taken affect, you will then need to view the "Security" tab of the user in question and adding a new auditing entry to audit any writes to the user object. Once that is completed, whenever the specific object is modified you should see a 566 event being logged in the Security Log of the Event Viewer. This should give you some good information on who/what is modifying the object and what is being modified.