10.6 server bound to 2008 AD will not show correct permissions on AFP share

Hi All This one is doing my head in a bit, wondering if anyone has come across this I have a 10.6 server that is bound to a 2008 AD server Binds OK and looks like all is well. I setup a folder and share using AFP. define an AD group as read / write to that folder When a user belonging to the AD group then goes into that folder they have READ ONLY access to the folder itself Showing effective permissions inspector reveals the same "READ ONLY" for that user Yet the group on the ACL says it has read / write. If I go into workgroup manager and look at the group membership the user DOES exhist in the AD group the strange thing is that some users that belong to the AD group do have correct permissions while others in the group don't No other group has been defined in the ACL If I add the individual user into the ACL then it works, It is just when I add the group to the ACL that is is strange. I was wondering if anyone else has seen this before ? Troubleshooting done * Network time server pointing to AD server * $ dirt -u "username" -p "password" is OK * $ id "username" is OK * DNS all good, A records and PTR records all sweet * No disjoint AD domain * http://support.apple.com/kb/HT3394 "All Good" * Even tried Allow of cryptography algorithms compatible with Windows NT 4.0 "http://support.microsoft.com/kb/942564"