Have a strange behavior that I am not sure how to fix.
Using OS X 10.6.7 native Active Directory client to bind to domain. I have directory utility configured to allow administration for a domain group. At first things worked great and members of those domain groups were indeed admins on the machine however the next day one of these users logs in and they are no longer admins. If you run directory utility again using a local admin account you can see that those domain groups are still configured to allow administration but none of those users show as being admins. Then suddenly, as if I did anything, those users show as being admins again. Why? I don't understand how this can flip back and forth like that.
Was this ever solved?? We have the same issue with 10.8.3. It seems a network connection to your AD servers is required when logging in. Otherwise the check cannot be made and the user never receives admin rights. A huge problem for users with laptops that work offline.