There is a process which runs by default every 24 hours to clean up obsolete users from the RC permissions. If, during this check, remote Control is unable to read Active Directory, it thinks that the users have been deleted from AD and as such, deletes them from Remote Control permissions.
This process is set in Configuration Policy and is called 'Check Permissions Interval'.
To correct this problem, you can update the Check Permissions Interval in the Configuration Policy applied to the Domain Manager:
DSM -> Remote Control -> Manager -> Check Permissions Interval
The default value (in seconds) is 86400, which is 24 hours. There is no way to turn off the permissions check completely, however the field accepts a value of up to 99999999, which is just over 3 years. So you can increase the value accordingly, and setting it to the maximum of 99999999 will, for all intents and purposes, disable the check: