Re: Unknown SID in Exchange 2003
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 30 Jul 2005 12:58:08 -0400
Use ADSI Edit to browse down through the Exchange configuration settings in the Forest Config container. The DN will be something like cn=<orgname>,CN=Microsoft Exchange,CN=Services,CN=Configuration,<forest root DN>.
Once you find where the ACE for the unknown SID was applied, you can remove it from there.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
DoA User wrote:
Good day,
Some time ago, as a test, I installed Exchange 2003 on a server in a child domain of my production domain. This server became the third Exchange server in my Exchange organization and the administrator of the child domain was a full Exchange administrator in the organization.
After conducting my tests, I removed the child domain Exchange server and then soon after, removed the entire child domain from AD. However, there are some remnants of the old child domain administrator account in my Exchange org. Only, because it's no longer "real", I see the account listed as an unresolved SID (S-1-5-21-12XXX...-116) in the security properties of the Exchange's administrative group.
I can't simply remove the SID account listing because I get: You cannot remove S-1-5... because this object is inheriting permissions from its parent. The parent of the Administrative Group is the Exchange organization--right??--and that SID account is not listed.
I'm assuming that in order to remove this SID, I have to edit the AD directly. What can I do about removing all traces of this account?
Thanks.
.
- References:
- Unknown SID in Exchange 2003
- From: DoA User
- Unknown SID in Exchange 2003
- Prev by Date: Unknown SID in Exchange 2003
- Next by Date: enable a disabled account can take 180mins to enter mailbox
- Previous by thread: Unknown SID in Exchange 2003
- Next by thread: enable a disabled account can take 180mins to enter mailbox
- Index(es):
Relevant Pages
|
Loading
