Re: Can't delete a corrupt user object



Thanks Joe. Found it on the root server of the parent domain in the GC. Now
we have to delete the GC of the child domain. Can you advise about this?

"Joe Richards [MVP]" wrote:

Leave Exchange out of it until we understand what is going on in AD.
Exchange can complicate it because you have offline address books etc
that can hold old info.

You need to query every DC in the domain that the user was created in
and check to see if it is there. Then check every global catalog in the
forest to see if it is there. If you find the deleted user on any of
those DCs, you have a replication problem you need to deal with.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Pinkel wrote:
Dear Joe,

Thanks for your help. But now it's changed. I will explain. Here is 1 parent
domain and 5 child domains. In one of the child domains a user was made. For
reasons the user was deleted and made again in the same OU. From there came
the problem that the old user is corrupt. The deleted user and new user were
in the same OU and shown in the global address book of Exchange. When you do
a search of each domain controller in each domain, you'll find the 2
users only when you search on "Entire Directory".
Now I have moved (a week ago) the new user to another OU. Now, in the
domain of the users, the deleted user is gone when you do an "Entire
Directory" search. But, when you do the same search from another domain
controller in one of the other domains, the user is still there. The
user is even shown in the global address book of Exchange.
Searching with LDP or ADSIEdit in the domain of the users, I still can not
find the deleted user, only the new moved user.
For sure, I know it's a problem with replication/sync between the different
domains. But with RepMon, it did not show any problems. Maybe I have to wait
a little more time......

Please advise. Thanks.

greetings, Rink

"Joe Richards [MVP]" wrote:

The square control character is a newline and I can assure you that both
ADSIEDIT and LDP can display it though the square may be displayed more
correctly as \0A.

The names aren't the same, that was the reason the conflict (that is
what CNF: stands for) occurred. So the conflict object is renamed to
name\0ACNF:ObjectGuid

But yes, the objects should be in the same container unless someone
moved it.

joe


Pinkel wrote:
ADSIEDIT and LDP won't show me the user with the square control character.
Only the new user is visible. This is also on the Primary Domain Controller
of the child domain, on the Backup Domain Controller, on the Primary and
Secondary Domain Controller of the Parent Domain.

When I do a full search on the Entire Directory and find the user with the
square control character, it should be in the same OU as the new user with the
same name. So I am looking right......

Please help

"Joe Richards [MVP]" wrote:

The user isn't corrupt, it is an object that experienced a replication
conflict (or collision if you prefer).

ADSIEDIT and LDP both can delete this if you can locate it. In LDP use
tree view mode and browse down to it. You should also be able to do this
with ADSIEDIT. If you can't find it, either it was already deleted and
the GAL is not getting updated (i.e. offline/cached) or you aren't
looking in the right place.



Pinkel wrote:
There are some corrupt user objects in AD. In the Exchange address book, there
is a user object that was deleted.

When you browse in the AD (UAC) where the object is placed, it's not there.
Only when you search on "Entire Directory" do you find the user object, like:
Clarke,Andrew <square control character> CNF:6a70d5f5-23d1-9cc2-8e96aff678c2.
If you try to delete it, you get an error (Windows cannot delete object
Clarke,Andrew <square control character> CNF:6a70d5f5-23d1-9cc2-8e96aff678c2
because: Directory object not found).

I have used LDP and ADSIEdit, but with both tools I could not find the user
object. When you make a new user with the same name (Clarke,Andrew), AD
accepts it.

What can I do to delete the corrupt user object from the AD and address book?
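
The check described in the thread (query every DC in the user's domain, then every global catalog in the forest, for the conflict object) can be scripted. The following is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory PowerShell module is available, and the domain name is a placeholder.

```powershell
# Added example: list replication-conflict (CNF) objects per DC and per GC.
# Assumes the ActiveDirectory module and read access to every server queried.
Import-Module ActiveDirectory

$Domain = 'child.example.com'   # placeholder: domain the user was created in
# Conflict objects are renamed to <name>\0ACNF:<objectGuid>; \0A is the
# LDAP-filter escape for the newline that the GUI shows as a square.
$Filter = '(cn=*\0ACNF:*)'

$targets = @(
    # Every DC in the domain: searches that DC's own domain partition.
    Get-ADDomainController -Filter * -Server $Domain |
        ForEach-Object { @{ Server = $_.HostName; SearchBase = $null } }
    # Every GC in the forest: port 3268 with an empty search base
    # searches all partitions held by the global catalog.
    (Get-ADForest).GlobalCatalogs |
        ForEach-Object { @{ Server = "$($_):3268"; SearchBase = '' } }
)

$hits = foreach ($t in $targets) {
    $params = @{
        LDAPFilter = $Filter
        Server     = $t.Server
        Properties = 'whenChanged'
    }
    if ($null -ne $t.SearchBase) { $params.SearchBase = $t.SearchBase }
    try {
        Get-ADObject @params -ErrorAction Stop |
            Select-Object @{ n = 'Server'; e = { $t.Server } },
                          DistinguishedName, ObjectGUID, whenChanged
    } catch {
        # An unreachable server is a gap in the check, so report it.
        Write-Warning "$($t.Server): $($_.Exception.Message)"
    }
}

# The same ObjectGUID listed for some servers but not others means those
# replicas disagree about the object.
$hits | Sort-Object ObjectGUID, Server | Format-Table -AutoSize
```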

