Deny permission on AD Group

Hello

If someone sets a “Deny” permission on an AD group for the “Everyone” group, you will not be able to add or modify the permissions.

If you try to open the Security tab, you will get this error:

“Windows can not edit the permissions on ‘Group Name’ because they have been written in a nonstandard format by another application. To enable editing, you must use the application to restore the permissions to a standard format”

To resolve this error, use DSACLS.EXE:

dsacls.exe "CN=GroupName,OU=OrganizationName,DC=Domain,DC=XX" /R "EveryOne"

SHMUEL H
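
Added example (not part of the original post): a read-only PowerShell review to run before the dsacls command above. It saves the group's current DACL and lists the ACEs held by Everyone, because /R deletes every ACE for that trustee, Allow entries included. Assumptions: the ActiveDirectory module (RSAT) is installed, the account can still read the object's ACL, the backup path is hypothetical, and the DN is the post's placeholder.

```powershell
# Added example: read-only review before running dsacls /R.
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

$dn     = 'CN=GroupName,OU=OrganizationName,DC=Domain,DC=XX'  # placeholder DN from the post
$backup = 'C:\Temp\GroupName-dacl.sddl.txt'                   # hypothetical backup path

$acl = Get-Acl -Path "AD:\$dn"

# Keep a copy of the current DACL (SDDL form) so the change can be reviewed later.
$acl.GetSecurityDescriptorSddlForm(
    [System.Security.AccessControl.AccessControlSections]::Access) |
    Set-Content -Path $backup

# False means the ACEs are not stored in canonical order.
"Canonical ACE order: $($acl.AreAccessRulesCanonical)"

# Every ACE for Everyone (well-known SID S-1-1-0), explicit and inherited.
$sidType = [System.Security.Principal.SecurityIdentifier]
$aces = $acl.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' }

$aces | Sort-Object AccessControlType |
    Format-Table AccessControlType, ActiveDirectoryRights, IsInherited, InheritanceType -AutoSize

# Count the explicit entries that dsacls /R "EveryOne" would delete.
$deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny'  -and -not $_.IsInherited })
$allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited })
"Explicit Deny ACEs for Everyone : $($deny.Count)"
"Explicit Allow ACEs for Everyone: $($allow.Count) (dsacls /R removes these as well)"
```

If the Allow count is not zero, note those entries from the table so they can be re-granted after the dsacls command has run.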
