December 4, 2018 at 12:09 pm #610023
Anyone who can point me somewhere here would be greatly appreciated. I have older student accounts on the system and went to a new naming convention for student accounts. When I delete the old student user accounts, they only stay deleted for about one day. I come back and voilà, here they are all back again, and left in an enabled state nonetheless. If I create a new user and delete them, they do not come back. I have run replication and tested it and it seems to run as expected. I have no read-only domain controllers. I and others are left scratching our heads on this one. Thanks
Ossian, Moderator, December 4, 2018 at 3:07 pm #610026
Can you tell us what domain / forest FL you are at, and what OS your DCs are running?
(Also a bit more about your infrastructure – I presume more than one DC?)
Consider enabling advanced auditing to see if the logs show anything.
December 4, 2018 at 3:34 pm #610028
I have two domain controllers in one forest. Servers are Server 2012 R2 on both domain controllers. Not that it should matter, but both are virtual servers on Hyper-V. Domain and forest levels are 2012 R2.
- This reply was modified 7 months, 2 weeks ago by wullieb1. Reason: Edited to remove formatting
peawet08, Participant, December 4, 2018 at 4:40 pm #610029
Have you run DCDIAG and repadmin /showrepl to see if your domain controllers are replicating correctly?
Could it be that one DC is re-replicating changes to the other DC and that is bringing the accounts back? Are the new accounts still available when the old accounts re-appear?
December 4, 2018 at 4:52 pm #610030
Done and did both. Even went individually to each domain controller and deleted accounts and then instantly went back to the other and they weren’t showing there. Ran dcdiag as well as repadmin and all is well. Thing is, any new accounts I create and delete stay deleted. These accounts I am removing were most likely existing even prior to the upgrade to the newer versions of the server before my time here.
The only thought others and I have had is an offline domain controller that doesn’t show as an active DC. But for the life of me this makes no sense, but then again maybe there is a lack of understanding on my side. LOL
wullieb1, Moderator, December 4, 2018 at 9:50 pm #610042
Are there any other admins around that may have used the AD Recycle Bin, if you enabled it, which I think is the case in 2012 R2, to restore the accounts?
If you had an offline DC somewhere it would show in your replications. Try the following command and see if the DCs are syncing properly.
repadmin /replsummary /bysrc /bydest /sort:delta
Check your event logs as well.
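
The auditing and event-log checks suggested in the replies can be run as one pass over every DC. This is an added example, not part of the original thread; the account name `olduser01` and the three-day window are placeholders, and it assumes the "Audit User Account Management" and "Audit Directory Service Changes" subcategories are already enabled.

```powershell
# Added example (not from the thread). Run elevated, with the ActiveDirectory module.
# Assumes "Audit User Account Management" and "Audit Directory Service Changes"
# are enabled on the DCs; 5137/5138/5141 also need an auditing SACL on the OU.
Import-Module ActiveDirectory
$sam  = 'olduser01'                    # placeholder: an account that reappears
$days = 3                              # placeholder look-back window
$dcs  = @(Get-ADDomainController -Filter * | ForEach-Object HostName)

# 4720 created, 4722 enabled, 4726 deleted (account management)
# 5137 created, 5138 undeleted, 5141 deleted (directory service changes)
$ids = 4720, 4722, 4726, 5137, 5138, 5141

$hits = foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddDays(-$days)
    } | Where-Object { $_.Message -match [regex]::Escape($sam) } | ForEach-Object {
        # SubjectUserName is the security principal that performed the action
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            DC    = $dc
            Time  = $_.TimeCreated
            Id    = $_.Id
            Actor = ($data | Where-Object Name -eq 'SubjectUserName').'#text'
        }
    }
}
$hits | Sort-Object Time | Format-Table -AutoSize

# If the account is present again, record its identity and see which DC
# last wrote the attributes that change on delete, restore or enable.
$user = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Properties whenCreated, objectGUID
if ($user) {
    $user | Select-Object SamAccountName, objectGUID, whenCreated
    Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName -Server $dcs[0] `
        -Properties isDeleted, userAccountControl |
        Select-Object AttributeName, Version, LastOriginatingChangeTime,
            LastOriginatingChangeDirectoryServerIdentity
}
```

A 5138 or 4720 event names the account that performed the restore or re-creation. Comparing `objectGUID` and `whenCreated` with the values noted before deletion shows whether the same object was restored or a new one was created under the old name.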