Announcement

Collapse
No announcement yet.

Delete some trash user -- Help Needed --

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Delete some trash user -- Help Needed --

    Hello,

    Some admin in my company create a user, the user already exists, so AD rename one of the users (the old one) as a username□CNF:96dbf334.... (the GUID
    number).

    This users exists in one of my child domains (in which i have 5 GC's) , if i
    look for the user from the ADUC in one of the servers in the child domain i
    found 1 user.

    The problem is when i look for the user in ADUC in one of the GC's in the
    parent domain and define Entire Directory in the search, wiith this search i
    found 2 users, but in the user with the CNF i cannot see his properties or
    delete it, appears me and error that says: Runtime Error

    How can i delete this CNF user ??

    Windows 2000 SP4, native mode, 1 parent, 2 childs, 70 sites, 140 DC's

    Regards

    jguevara

  • #2
    Re: Delete some trash user -- Help Needed --

    From your post you seem to delete the user from a GC. Did you try it on a DC of the CNF user's home domain?

    Note: this replication conflict does not happen just because the user exists already. More likely, they were created almost simultaneously at different places.

    Comment


    • #3
      Re: Delete some trash user -- Help Needed --

      In fact in the home domain of the CNF user the object doesn exists, im search using ADUC, LDP, and ADSIEDIT in all dc's or gc's of the child domain.

      I found it only in the parent domain.

      Another thing is that i found it only when i'm look with "Entire Directory" filter in ADUC and with LDP and ADSIEDIT in Global catalog search or connection mode.

      Any idea ??

      Comment


      • #4
        Re: Delete some trash user -- Help Needed --

        Let me recap. The user is NOT present on any domain partition, but only in the GC of the parent domain. Correct?

        I can explain that in two way, one likely, and one less likely:
        1. replication latency
        2. a lingering object introduced from a GC that was offline for more than 60 days.

        Comment


        • #5
          Re: Delete some trash user -- Help Needed --

          You're right the user is not present in any domain partition and only is present in the GC's of the parent domain.

          About the status of lingered object, i follow the http://support.microsoft.com/default...b;en-us;314282 for few objects and doesnt work, i supossed because is not a lingered object yet.

          Thanks for your patience

          Comment


          • #6
            Re: Delete some trash user -- Help Needed --

            Have you searched for Deleted Objects or in the Lost and Found Container ?
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              Re: Delete some trash user -- Help Needed --

              Argg !!! I knew I was forgetting something... Take a look at dsastat from the support tools to compare GCs/domain partitions.
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"

              Comment


              • #8
                Re: Delete some trash user -- Help Needed --

                I use AdFind to search in Deleted Objects with no results, in the Lost and found......... the same results.

                Right now checking dsastat tip.

                Jeguevarag

                Comment


                • #9
                  Re: Delete some trash user -- Help Needed --

                  Was that a UPN or sAMAccountName collision ?

                  or was that implicit Kerberos principal collision ( [email protected]m) ?
                  You might find the following thread at activedir.org talking about the issue interesting:
                  http://www.mail-archive.com/activedi.../msg20106.html
                  Guy Teverovsky
                  "Smith & Wesson - the original point and click interface"

                  Comment


                  • #10
                    Re: Delete some trash user -- Help Needed --

                    Originally posted by guyt
                    Was that a UPN or sAMAccountName collision ?

                    or was that implicit Kerberos principal collision ( [email protected]m) ?
                    You might find the following thread at activedir.org talking about the issue interesting:
                    http://www.mail-archive.com/activedi.../msg20106.html
                    That is an interesting thread, but I'm not sure how it explains that the CNF account is only in the GC?

                    For that to be true we must have two things happening:
                    1. the account is deleted from the domain partition
                    2. that change is NOT replicated to the corresponding GC partition in another domain.

                    I can see that happen only if replication for that particular partition is not happening, or if a foreign GC was taken offline directly after the deletion to be brought back 60+ days later (lingering objec).

                    I think the replication thing is more likely. That can happen, for instance, if 'automatic site link bridging' is off. Obviously, you would have KCC warnings all over the place. Alternatively, a change in the network is blocking some replication paths. Anything else?

                    Can't think of any other scenario. I'm really curious how this will turn out!

                    Comment


                    • #11
                      Re: Delete some trash user -- Help Needed --

                      Just a thought... Looking at CNF object metadata should be able to reveal the DC on which the CNF object was originated (and when). This might help in narrowing down the scope of the replication problem (if it does exist).

                      Btw, is there any meta-directory application in place ?

                      Willem, the reason I pointed to the thread has more to do with collisions and is not directly related to the current issue. Having been bitten in the past by collisions I am just curious how that happened and what has caused is.
                      Guy Teverovsky
                      "Smith & Wesson - the original point and click interface"

                      Comment

                      Working...
                      X