Deleted CNF Duplicated user, -----IMPORTANT------

[Guest]

Hello,

Some guy in my company create a user, the user already exists, so AD rename
one of the user (the old one) as a usernameâ–¡CNF:96dbf334.... (the GUID
number).

When im look for the user in ADUC appears the 2 user, but the user with the
CNF i cannot see his properties or delete, appears me and error that says:
Runtime Error ¡¡¡

This users exists in one of my child domains (in which i have 5 GC's) , if i
look for the user from the ADUC in one of the servers in the child domain i
found 1 user.

The problem is when i look for the user in ADUC in one of the GC's in the
parent domain and define Entire Directory in the search, whit this search i
found 2 users, but the user with the CNF i cannot see his properties or
delete it, appears me and error that says: Runtime Error ¡¡¡

How can i delete this CNF user ??

Windows 2000 SP4, native mode, 1 parent, 2 childs, 40 sites, 80 DC's

Thaks.

AOgazon

 

[Laura E. Hunter [MVP]]

Try downloading admod from http://www.joeware.net/win/free/tools/admod.htm.

Once you've downloaded it, you can delete an object using the following
syntax at the command-line:

admod -b cn=jsmith\CNF445354,ou=Finance,dc=company,dc=com -del

(obviously replace ou=blah,dc=blah,dc=blah with whatever's appropriate for
your network.)

2003 has built-in commandline tools like dsrm to remove objects from the
command-line, but I like admod better anyway.

HTH

 

[Guest]

Laura,

To find the object and make a 2ble check i use ADFind, with this tool, i
dont see the object, only with ADSIEDIT, LDP (both in global catalog
connection mode) or with ADUC searching with Entire Directory Filter.

Do you think that if ADFind doesnt find the object ADmod is being capable to
delete it. ??

Thanks a lot.

 

[Ace Fekay [MVP]]

In

Laura,

To find the object and make a 2ble check i use ADFind, with this
tool, i dont see the object, only with ADSIEDIT, LDP (both in global
catalog connection mode) or with ADUC searching with Entire Directory
Filter.

Do you think that if ADFind doesnt find the object ADmod is being
capable to delete it. ??

Thanks a lot.

If you can see it in ADSIEdit, are you able to delete it in there?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If you are having difficulty in reading or finding responses to your post,
instead of the website you are using, if I may suggest to use OEx (Outlook
Express or any other newsreader of your choosing), and configure a newsgroup
account, pointing to news.microsoft.com. This is a direct link into the
Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
account with your ISP. With OEx, you can easily find your post, track
threads, cross-post, and sort by date, poster's name, watched threads or
subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

With ADSI Edit i can only see the object if i make a connection with global
catalog protocol and in this mode i cannt delete the object, if i connect in
LDAP protocol i dont see the object.

Jesus

 

[Ace Fekay [MVP]]

In

With ADSI Edit i can only see the object if i make a connection with
global catalog protocol and in this mode i cannt delete the object,
if i connect in LDAP protocol i dont see the object.

Jesus

Jesus?

I can understand if you can't delete it using the GC since the GC is just a
read only copy of what it finds in the AD database. I've been able to delete
any CNFs I've encountered in the past, but not being able to delete it makes
me wonder what else is happening.

Since you have 40 sites, 80 DCs and whatever GCs, unless it can be deleted
at the DC it was created on, and depending on your Site and schedule
topology, I would otherwise wait until a full replication cycle of all the
DCs in the forest has been completed and see if this object still remains.
If there is a time difference between Sites where one site is getting
replication from another site, it may require waiting for two replication
cycles.

Ace

 

[Joe Richards [MVP]]

If that object is in the directory, adfind can find it if you tell it properly
where to look and if you have permissions to see it.