acls remain for deleted items after 60 days

Guest

Have an Active Directory environment with multiple sites and domains (Windows 2000 SP3). When we delete an object its ACL does not disappear (the specific case was for an account set up through ADSIEDIT and Exchange System Manager) but instead appears as an unresolved SID.

In testing this is still the case even after the object no longer appears in the Deleted Objects container,
i.e. the 60 day tombstoning has kicked in and garbage collection has removed the item.

Conclusion from this would be:
There is no process which removes the SIDs of deleted objects from the Access Control Lists on Active Directory containers; therefore cleanup will have to be done manually

I'd be grateful if this could be confirmed.
a-davew [MSFT]

The issue you are describing is documented in the following article:
247482 Error Message: Security Policies Are Propagated with Warning. 0x534
http://support.microsoft.com/?id=247482

You may or may not be getting this error, but it describes the SID "hanging
around" in ACLs. It is, unfortunately, as you suspected, and you will need
to clean it up by hand.

David Waldron
MCSE+I, MCP+I, MCDBA, MCSA, MCT
Microsoft Enterprise Support
EPS Directory Services Team
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
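The manual cleanup both posts describe can be scripted. The following is an added example, not code from either poster or from the KB article: it walks the OUs and containers of a domain, lists explicit ACEs whose trustee is an unresolved SID (the ACE is returned as a raw SecurityIdentifier rather than a resolved account name), and removes them only when -Remove is given. It assumes the ActiveDirectory PowerShell module (RSAT) and its AD: drive, and a caller with write-DACL rights on the objects; the Windows 2000 environment in the thread predates that module.

```powershell
# Added example: report, and optionally strip, ACEs on AD containers whose trustee
# SID no longer resolves to an account. Assumes the RSAT ActiveDirectory module.
param(
    [string]$SearchBase = (Get-ADDomain).DistinguishedName,
    [switch]$Remove     # without this switch the script only reports
)

Import-Module ActiveDirectory

# Delegated ACEs normally sit on the domain head, OUs and containers;
# widen the filter (e.g. to objectClass=*) to scan leaf objects as well.
$filter = '(|(objectClass=domainDNS)(objectClass=organizationalUnit)(objectClass=container))'
$targets = Get-ADObject -SearchBase $SearchBase -LDAPFilter $filter

foreach ($obj in $targets) {
    $path = "AD:\$($obj.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # Explicit ACEs only: an inherited orphan is fixed once, at the object it came from.
    # Get-Acl translates trustees to DOMAIN\Name; a SID that cannot be mapped is left
    # as a SecurityIdentifier, which is how an orphaned ACE shows up.
    $orphaned = @($acl.Access | Where-Object {
        -not $_.IsInherited -and
        $_.IdentityReference -is [System.Security.Principal.SecurityIdentifier]
    })

    foreach ($ace in $orphaned) {
        [pscustomobject]@{
            Object = $obj.DistinguishedName
            SID    = $ace.IdentityReference.Value
            Rights = $ace.ActiveDirectoryRights
            Type   = $ace.AccessControlType
        }
        if ($Remove) { [void]$acl.RemoveAccessRule($ace) }
    }

    if ($Remove -and $orphaned.Count -gt 0) {
        Set-Acl -Path $path -AclObject $acl
    }
}
```

Run it without -Remove first and review the report: a SID that does not resolve is not always a deleted object. Principals from a trusted domain or forest show up the same way while that trust is unreachable, so confirm the SID's domain portion (the part before the final RID) belongs to one of your own domains before removing the entry.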