Deleted Active Directory Users reappear active the next day


This topic contains 5 replies, has 4 voices, and was last updated by  wullieb1 1 week, 1 day ago.


  • adminmorin
    Participant
    #610023

    Anyone who can point me somewhere here would be greatly appreciated. I have older student accounts on the system and went to a new naming convention for student accounts. When I delete the old student user accounts they only stay deleted for about one day. I come back and voilà, here they are all back again, and left in an enabled state nonetheless. If I create a new user, and delete them, they do not come back. I have run replication and tested it and it seems to run as expected. I have no read-only domain controllers. I and others are left scratching our heads on this one. Thanks


    Ossian
    Moderator
    #610026

    Can you tell us what domain / forest FL you are at, and what OS your DCs are running?

    (Also a bit more about your infrastructure – I presume more than one DC?)

    Consider enabling advanced auditing to see if the logs show anything


    adminmorin
    Participant
    #610028

    I have two domain controllers in one forest. Servers are Server 2012 R2 on both domain controllers. Not that it should matter but both are virtual servers on Hyper-V. Domain and forest levels are 2012 R2.

    Thanks, Tom

    • This reply was modified 1 week, 1 day ago by  wullieb1. Reason: Edited to remove formatting

    peawet08
    Participant
    #610029

    Have you run DCDIAG and repadmin /showrepl to see if your domain controllers are replicating correctly?

    Could it be that one DC is re-replicating changes to the other DC and that is bringing the accounts back? Are the new accounts still available when the old accounts re-appear?


    adminmorin
    Participant
    #610030

    Done and did both. Even went individually to each domain controller and deleted accounts and then instantly went back to the other and they weren’t showing there. Ran dcdiag as well as repadmin and all is well. Thing is, any new accounts I create do delete and stay deleted. These accounts I am removing were most likely existing even prior to the upgrade to the newer versions of the server before my time here.

    Only thought others and I have had is an offline domain controller that doesn’t show as an active DC. But for the life of me this makes no sense, but then again maybe there is a lack of understanding on my side. LOL


    wullieb1
    Moderator
    #610042

    Are there any other admins around that may have used the AD Recycle Bin, if you enabled it, which I think is the case in 2012 R2, to restore the accounts?

    If you had an offline DC somewhere it would show in your replications. Try the following command and see if the DCs are syncing properly.

    repadmin /replsummary /bysrc /bydest /sort:delta

    Check your event logs as well
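
One way to follow up on the replication and event-log suggestions in this thread, as an added example that is not part of any post: for one reappearing account, list on each DC which domain controller originated the delete/restore-related attribute changes and any matching Security log events. The account name, DC names and two-day window are placeholders, and the events appear only if the matching audit policy (user account management, directory service changes) is enabled.

```powershell
# Added example; account and DC names are placeholders, not values from the thread.
Import-Module ActiveDirectory

$SamAccountName    = 'old.student01'   # placeholder: one account that reappeared
$DomainControllers = 'DC01', 'DC02'    # placeholder: both domain controllers
$Since             = (Get-Date).AddDays(-2)
$Attributes        = 'isDeleted', 'userAccountControl', 'name', 'lastKnownParent'

foreach ($dc in $DomainControllers) {
    # Find the object on this DC even if it is currently in the deleted state.
    $objs = Get-ADObject -Filter "sAMAccountName -eq '$SamAccountName'" -Server $dc `
        -IncludeDeletedObjects -Properties whenCreated, whenChanged, isDeleted
    if (-not $objs) { Write-Warning "$SamAccountName not found on $dc"; continue }

    foreach ($o in @($objs)) {
        $o | Select-Object @{n = 'QueriedDC'; e = { $dc }}, DistinguishedName,
            isDeleted, whenCreated, whenChanged | Format-List

        # Per-attribute replication metadata: which DC wrote each change, and when.
        Get-ADReplicationAttributeMetadata -Object $o -Server $dc -IncludeDeletedObjects |
            Where-Object { $_.AttributeName -in $Attributes } |
            Sort-Object LastOriginatingChangeTime |
            Format-Table AttributeName, Version, LastOriginatingChangeTime,
                LastOriginatingChangeDirectoryServerIdentity -AutoSize
    }

    # Security log: 4720 created, 4722 enabled, 4726 deleted, 5138 object undeleted.
    $filter = @{ LogName = 'Security'; Id = 4720, 4722, 4726, 5138; StartTime = $Since }
    Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($SamAccountName) } |
        Sort-Object TimeCreated |
        Format-Table TimeCreated, Id, MachineName,
            @{n = 'Summary'; e = { ($_.Message -split "`n")[0] }} -Wrap
}
```

The originating DC and timestamp on `isDeleted` and `userAccountControl` show where and when the account was brought back, which can then be matched against the event entries and their subject account.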
