Object already exists error

Repent34

Receiving an error for the object already exists when trying to create a
global security group "authenticated users". I know that this is a default
built-in group, however, the group had been previously deleted, but
apparently not totally from AD. I am trying to use LDP to remove it, but
what is the proper (attribute=value) that I need to use in the search
filter??
I have tried (groupname=authenticated users) and such but get no results so
I think the syntax is wrong.

chris
 
Tomasz Onyszko [MVP]

Repent34 said:
Receiving an error for the object already exists when trying to create a
global security group "authenticated users". I know that this is a default
built-in group, however, the group had been previously deleted, but

How did you delete this group? AFAIK this is an on-the-fly constructed group
with a well-known SID controlled by the OS:
SID: S-1-5-11
Name: Authenticated Users
Description: A group that includes all users whose identities were
authenticated when they logged on. Membership is controlled by the
operating system.
 
Repent34

That's a good question. What I can tell you is that the group is nowhere to
be found. When I do a "find" from the top level, I get no results so when I
try to create it again I get the object already exists error. But get this,
when I go to add a user, group, or whatever to the permissions on something,
I can see the authenticated users group in the listing, but cannot find it
anywhere to access it directly, like you would any other group. Weird, I
know. That is why I'm trying to delete it and recreate it. I created
another global everybody type group in the interim but I want that default
group back.

chris
 
Joe Richards [MVP]

It is a well-known security principal, not a group. I.e., there is no matching
group object. This is simply a SID added to the security token of users who are
authenticated. At most, you will see a foreignSecurityPrincipal for it in the
foreignSecurityPrincipals container in a domain. It will be an object with the
name S-1-5-11.

You can search your AD for all instances of it like so:

adfind -gc -b -f name=S-1-5-11

You will probably see one for every domain.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
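
The points in the reply above can be checked from PowerShell. This is an added example, not part of the original thread or any poster's code; it assumes a domain-joined Windows host, and the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes a domain-joined Windows host.
$sidString = 'S-1-5-11'   # SID quoted in the thread
$sid = New-Object System.Security.Principal.SecurityIdentifier $sidString

# 1. The SID is a well-known principal resolved by the OS, not a directory lookup.
$isWellKnown = $sid.IsWellKnown(
    [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid)
$name = $sid.Translate([System.Security.Principal.NTAccount]).Value
'{0} -> {1} (well-known: {2})' -f $sidString, $name, $isWellKnown

# 2. It is carried in the security token of the authenticated user running this.
$token   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$inToken = $token.Groups.Value -contains $sidString
'Present in token of {0}: {1}' -f $token.Name, $inToken

# 3. Search the current domain for a group object with that name.
#    The reply's point is that no such group object backs the principal.
$groupSearch = [adsisearcher]('(&(objectCategory=group)' +
    '(|(cn=Authenticated Users)(sAMAccountName=Authenticated Users)))')
'Group objects with that name: {0}' -f $groupSearch.FindAll().Count

# 4. Search for the foreignSecurityPrincipal object named after the SID,
#    using the same name=S-1-5-11 match as the adfind command above.
$fspSearch = [adsisearcher]"(&(objectClass=foreignSecurityPrincipal)(name=$sidString))"
foreach ($result in $fspSearch.FindAll()) {
    $result.Properties['distinguishedname'][0]
}
```

The filter string in step 4 is also what goes into the LDP search filter box, in place of the `(groupname=...)` attempt from the question.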
