J
JonathanG
Have an active directory environment with multiple sites and domains
(Windows 2000 SP3), when we delete an object its acl does not
dissappear (specific case was for an account set through ADSIEDIT and
Exchange System Manager) but instead appears as an unresolved SID.
In testing this is still the case even after object no longer appears
in the deleted items container
i.e. the 60 day tombstoning has kicked in and garbage collection has
removed the item
Conclusion from this would be:-
There is no process which removes the SIDs of deleted objects from the
Access Control Lists on Active Directory containers; therefore cleanup
will have to be done manually.
Be grateful if this could be confirmed...
(Windows 2000 SP3), when we delete an object its acl does not
dissappear (specific case was for an account set through ADSIEDIT and
Exchange System Manager) but instead appears as an unresolved SID.
In testing this is still the case even after object no longer appears
in the deleted items container
i.e. the 60 day tombstoning has kicked in and garbage collection has
removed the item
Conclusion from this would be:-
There is no process which removes the SIDs of deleted objects from the
Access Control Lists on Active Directory containers; therefore cleanup
will have to be done manually.
Be grateful if this could be confirmed...