Originally Posted by gibson_hg
You will either need to remove yourself from the group or apply one of the fixes in article 817433 from Microsoft.
Good stuff. Although not "Best Practice", we went the route of:
dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=c om" /G "domain\BESAdmin:CA;Send As"
back when it was a hot issue and have since cleaned up our act a bit.
You may also find that some folks that "were" in protected groups do not inherit perms either. As removing them from protected groups does not decrement the admincount. You can find those in your domain with:
dsquery * domainroot -filter "&(objectcategory=person)(mail=*)(admincount=1 )" -l -limit 0