RE: Cleaning up old accounts
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Mon, 10 Jul 2006 10:27:26 GMT
Hi,
Thanks for using the SBS newsgroup.
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
Could you let me know what issue you have encountered in your end?
Based on my knowledge, when we delete one user account, the changes will be
updated to the GC and replicate to all DCs. And the deleted accounts will
be updated automatically. If the changes do not update the security tab,
which indicates that there is replication issue between DCs or you can not
delete them successfully in ADUC.
Please help me collect some information to isolate the issue:
1. How many DCs in your domain? Is it SBS 2003 network environment?
2. Can you find the deleted user objects in ADUC? I suggest that you refer
to the steps below to check if the user account object is deleted:
1). Open Active Directory Users and Computer.
2). Right click the Domain Node, select All Tasks -> Find.
3). Select "User, Contacts and Groups" in the "FIND" drop down list.
4). Select your domain name in the "IN" drop down list. Please select the
Domain where you created a user account with the same name.
5). Input the user account name and click FIND. What is the result?
6). Then please repeat step 4) and 5), and select the "Entire Domain" in
the "IN" drop down list, search the user account, what is the result?
7). Then repeat step 4) and 5), select the domain name where the original
user account is deleted in the "IN" drop down list. Search the user account
and let me know the result.
3. Please also check the affected user account in ADSIEDIT console, can you
find it?
In ADSIEDIT, go to domain->DC=<server name>->CN=Users, in the right pane,
please look for the problematic user.
4. If the user account can not be viewed in ADUC and ADSIEDIT, the issue
persists. The affected object belongs to a kind of objects, called Phantom
objects. As the definition says, this is an object that has beendeleted,
and whose tombstone lifetime has passed. However, references tothe object
are still present in the directory database. Phantom objects arespecial
kinds of internal database tracking objects that you cannot viewthrough any
LDAP or Active Directory Service Interface (ADSI) tool. For more
information, please refer to the following article.
248047 Phantoms, Tombstones and the Infrastructure Master
http://support.microsoft.com/?id=248047
More information:
===================
HOW TO: Find and Clean Up Duplicate Security Identifiers with Ntdsutil in
Windows Server 2003
http://support.microsoft.com/?id=816099
I appreciate your time. I am happy to be of assistance to you and look
forward to your reply.
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: "-E-" <none@xxxxxxxx>TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00
Newsgroups: microsoft.public.windows.server.sbs
Subject: Cleaning up old accounts
Date: Fri, 7 Jul 2006 14:54:35 -0700
Organization: Aioe.org NNTP Server
Lines: 9
Message-ID: <e8mkst$t7e$1@xxxxxxxxxxxxx>
NNTP-Posting-Host: 8wTZow/swNjVdtn3uf/klw.user.aioe.org
X-Complaints-To: abuse@xxxxxxxx
X-RFC2646: Format=Flowed; Original
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-Priority: 3
X-MSMail-Priority: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Path:
..sul.t-online.de!t-online.de!news.karotte.org!news2.arglkargh.de!news.cnetm.
de!news.motzarella.org!eleonora.aioe.org!emma.aioe.org!aioe.org!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:279913is
X-Tomcat-NG: microsoft.public.windows.server.sbs
I remember seeing a utility which cleaned up deleted accounts from the
security tab. I am not sure whether it was reskit utility, but your help
appreciated.
--
-E-
---
.
- References:
- Cleaning up old accounts
- From: -E-
- Cleaning up old accounts
- Prev by Date: How I can copy with exclusive Options
- Next by Date: DMZ and file sharing
- Previous by thread: Cleaning up old accounts
- Next by thread: How do I reconfigure SBS 2003 from 2 nic to 1 nic
- Index(es):
Relevant Pages
|
