Cannot find user account in AD

[Javier]

I have a strange problem with a Domain I inherited. We have a user
account called user1 that I cannot locate anywhere in AD. I've
searched all of AD and have even run Advanced Searches but not dice.
I've selected the Advanced Features in ADUC but the user account
cannot be located. We know that the account exists because we can join
a new out of the box workstation to the domain and login with the
user1 account without a problem.

I would really appreciate any help with this problem.

Javier

 

[Richard Mueller [MVP]]

I have a strange problem with a Domain I inherited. We have a user
account called user1 that I cannot locate anywhere in AD. I've
searched all of AD and have even run Advanced Searches but not dice.
I've selected the Advanced Features in ADUC but the user account
cannot be located. We know that the account exists because we can join
a new out of the box workstation to the domain and login with the
user1 account without a problem.

The name "user1" could be either the value of the cn attribute (Common Name)
or sAMAccountName (the NT name of the user, also called the "pre-Windows
2000 logon name").

 

[Jorge de Almeida Pinto [MVP - DS]]

query AD for it using the following filter

"(&(objectCategory=person)(objectClass=user)(sAMAccountName=user1))"

of course assuming USER1 is its sAMAccountName

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Richard Mueller [MVP]]

The name "user1" could be either the value of the cn attribute (Common
Name) or sAMAccountName (the NT name of the user, also called the
"pre-Windows 2000 logon name").

In ADUC you can use the Find on the Action menu. Select "Action", "Find",
select the "Advanced" tab. Find users in your domain. Click "Field", "User",
and first pick "Logon Name (pre-Windows 2000)". For Condition pick "Is
(exactly)", and enter your value "user1", and click "Add", then click "Find
Now". If you find the object, double click it and go to the "Object" tab to
see where it is in Active Directory. If the user object is not found, try to
search on "Logon Name", then "Name"

"Logon Name" will be similar to "(e-mail address removed)". "Name" will be the
Common Name of the object. "Logon Name (pre-Windows 2000)" is the NT name
(the value of the sAMAccountName attribute).

I hope this helps.

 

[Javier]

query AD for it using the following filter

"(&(objectCategory=person)(objectClass=user)(sAMAccountName=user1))"

of course assuming USER1 is its sAMAccountName

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->http://blogs.dirteam.com/blogs/jorge/rss.aspx
---------------------------------------------------------------------------­---------------
* How to ask a question -->http://support.microsoft.com/?id=555375
---------------------------------------------------------------------------­---------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
---------------------------------------------------------------------------­---------------
#################################################
#################################################







- Show quoted text -

Guys,

I found the problem. Someone created an OU called "Guest Users and
added the user1 account in there. They then denied anyone in the
domain Admin or Enterprise Admin as well as the system account access
to the OU. It was stashed five OU's deep in AD so it took a while to
find.