Permissions that were granted to certain users and groups via inheritance seem to work fine after being applied, but later they no longer work.
A check of the native ACL on the object (Security | Advanced) shows the permissions to have disappeared and Inheritance is now disabled for the Users. In any particular OU, it may appear to be randomly affecting users, yet working fine on others.
This is unrelated to the Migration and likely caused by the affected Users being among one of the Protected Groups in Windows.
NOTE: Membership in a protected group is defined as either direct membership or transitive membership using one or more security or distribution groups. Distribution groups are included because they can be converted to security groups.
In Windows Server 2003, the number of groups that are protected has been increased to enhance security in Active Directory (see the "More Information" section of the below Microsoft article for details). The number of groups that are protected also increases if you apply the 327825 hotfix to Windows 2000.
These protected Groups are as follows:
Windows Server 2003 and in Windows 2000 after applying the 327825 hotfix or installing Windows 2000 Service Pack 4, add more groups to Protected Groups List:
Additionally the following users are also considered protected:
For more information and alternative fixes to the issue, please refer to following Microsoft KB article 817433: