Re: Can't delete a corrupt user object

Dear Joe,

Thanks for your help. But now its changed. I will explane. Here is 1 parent
domain and 5 child domains. One of the clild domains was made a user. For
reasons the user is deleted and made again in the same OU. From there came
the problem that the old user is corrupt. The deleted user and new user where
in the same OU and shown in the global address book of exchange. When you do
a search of each domain controller in each domain, you'll find the only the 2
users when you search on "Entire Directory".
Now i have moved (a week ago) the new user to an other OU. Now, in the
domain of the users, the deleted user is gone when you do an "Entire
Directory" search. But, when you do the same search from an other domain
controller in one of the other domains, the user is still there. Even the
user is shown in the global address book of Exchange.
Searching with LDP or ADSIEdit in the domain of the users, still i can not
find the deleted user, only the new moved user.
For sure, i now its a problem with replication/sync between the different
domains. But with RepMon, it did not show any problems. Maybe i have to wait
for a little time more......

Please advise. Thanks.

greetings, Rink

"Joe Richards [MVP]" wrote:

The square control character is a newline and I can assure you that both
ADSIEDIT and LDP can display it though the square may be displayed more
correctly as \0A.

The names aren't the same, that was the reason the conflict (that is
what CNF: stands for) occurred. So the conflict object is renamed to
name\0ACNF:ObjectGuid

But yes, the objects should be in the same container unless someone
moved it.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Pinkel wrote:
ADSIEDIT and LDP won't show me the user with the square control character.
Only the new user is visible. This is also on the Primary Domain Controller
of the child domain, on the Backup Domain Controller, on the Primary and
Secondary Domain Controller of the Parent Domain.

When i do a full search on the Entire Directory and find the user with the
square control character, it sould be in the sam OU of the new user with the
same name. So i'am looking right......

Please help

"Joe Richards [MVP]" wrote:

The user isn't corrupt, it is an object that experienced a replication
conflict (or collision if you prefer).

ADSIEDIT and LDP both can delete this if you can locate it. In LDP use
tree view mode and browse down to it. You should also be able to do this
with ADSIEDIT. If you can't find it, either it was already deleted and
the GAL is not getting updated (i.e. offline/cached) or you aren't
looking in the right place.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Pinkel wrote:
There are some corrupt user objects in AD. In the exchange addressbook, there
is an user object that was deleted.

When you browse in the ad (UAC) where the object is placed, its not there.
Only when search on "Entire Directory", then you find the user object like:
Clarke,Andrew <square control character> CNF:6a70d5f5-
23d1-9cc2-8e96aff678c2. If you try to delete is, you get an error (Windows
cannot delete object Clarke,Andrew <square control character> CNF:6a70d5f5-
23d1-9cc2-8e96aff678c2 because: Directory object not found.

I have used LDP and ADSIEdit, but with both tools i could not find the user
object. When you make a new user with the same name (Clarke,Andrew), ad
accepts it.

What can i do, to delete the corrupt user object from the ad and addressbook?


.

Relevant Pages

  • Re: Cant delete a corrupt user object
    ... Leave Exchange out of it until we understand what is going on AD. Exchange can complicate it because you have offline address books etc that can hold old info. ... If you find the deleted user on any of those DCs, you have a replication problem you need to deal with. ... When you do a search of each domain controller in each domain, you'll find the only the 2 users when you search on "Entire Directory". ... Searching with LDP or ADSIEdit in the domain of the users, still i can not find the deleted user, only the new moved user. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant delete a corrupt user object
    ... Looking featere, when i do a search the other domains in the tab Exchange, ... Show only exchange recipients with mailbox, i find the deleted user (like the ... a search of each domain controller in each domain, you'll find the only the 2 ... Searching with LDP or ADSIEdit in the domain of the users, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant delete a corrupt user object
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... If you find the deleted user on any of those DCs, you have a replication problem you need to deal with. ... When you do a search of each domain controller in each domain, you'll find the only the 2 users when you search on "Entire Directory". ...
    (microsoft.public.windows.server.active_directory)
  • Re: event 9188
    ... I have tried with ADSIedit as you told. ... These all 3 objects pointed to the domain controller. ... Exchange then browse to the same location as the RUS objects as seen in ESM. ... Install the Windows Support Tools. ...
    (microsoft.public.exchange.admin)
  • RE: Remove user from Active directory
    ... you might be able to utilize ADSIEdit and point specifically to ... > the Domain controller B that you had to restore. ... That way you can do an authoritative restore from a good domain ... > right account from the wrong account - in which case you can end up deleteing ...
    (microsoft.public.win2000.active_directory)