Re: Duplicate Computer Account Objects CNF???

---

• From: Wayne Tilton <Wayne_Tilton@xxxxxxxxxxxxxxxx>
• Date: Tue, 01 Nov 2005 16:21:42 -0800

---

=?Utf-8?B?Um9i?= <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:848BD63B-0036-495D-BE3A-E918D84EC642@xxxxxxxxxxxxx:

> I'm not sure if this is the right newsgroup for this but i'm hoping to
> get an idea as to a problem i'm seeing in our AD.
>
> I'm beginning to see something like duplicate computer name for
> example:
>
> seat001
> Seat001CNF:0e60630b-2dec-42db-ba54-99f6119a3c06
>
> This has started happening in the last few weeks. i'm not sure whats
> causing it or what the CNF is. The computers seem to work properly but
> I don't know where to start. Does anyone know what the CNF is?
>
> Any help is greatly appreciated.
>

This is ADs way of handling duplicate objects via conflict resolution.
Duplicate objects can occur when an object is created on two different
domain controllers in the same replication interval. For example, if a
computer object named COMP1 is created on DC1 and another computer object
named COMP1 is created on DC2 during the same replication interval, there
is a conflict when they try to replicate the objects. To resolve the
conflict, AD adds CNF:[guid] to one of them and writes an error message
to the log on the DC that detected the conflict.

My personal experience is that this usually happens when creating
computer account manually on one DC and then trying to join the domain
using a different DC (which you have no control over). Since the object
doesn't exist on the 2nd DC, it creates a new one, which results in a
conflict when they replicate with each other.

The error message on the DC tells you which one to keep, which is usually
the one with the latest whenChanged attribute for computers (it is
usually the opposite with users, you want to keep the earliest one as
identified by the whenCreated attribute).

HTH,

Wayne Tilton
.

---

• Prev by Date: Locking Down a AD domain controller
• Next by Date: Re: Wndows 2000 and 2003 forests and domains
• Previous by thread: Locking Down a AD domain controller
• Next by thread: Re: Duplicate Computer Account Objects CNF???
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: IRQ BSOD ... You receive a "Stop 0x0000000A" error message in Windows XP ... could be a faulty memory problem or a driver conflict problem. ... (microsoft.public.windowsxp.help_and_support) Re: Random restarts ... >recovered from a serious error message and says its a driver conflict yet I ... >checked and thier is no conflict. ... Click on the Settings button in the Startup and Recovery ... Automatically restart to clear it. ... (microsoft.public.windowsxp.help_and_support) Re: .net 2.0 beta DetailsView question ... In the ItemInserting event handler, ... SQL constraint which will be violated in the event of a name conflict. ... I would then write a friendly error message out and flag the Exception ... (microsoft.public.dotnet.framework) Re: IP address conflict ... I am using windows ce 5.0 device. ... I am able to see when there is an ip address conflict CE system is ... posting one error message. ... Same way to disable the Windows CE error message. ... (microsoft.public.windowsce.platbuilder) Re: Error Code-12 ... In the same properties page where the error message occurs, ... Resources tab. ... Windows 2000 attempts to flag the associated device that is ... Either disable or remove the device that is in conflict to see if the ... (microsoft.public.win2000.setup_deployment)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2005-11