Remove user from Active directory



Hi all,
I have a problem with a corrupt object in Active Directory.
Here is the scenario:

I migrated users from domain A to domain B. After a period of time I was forced
to restore the Active Directory of domain B to a date before the user migration. Sure,
the migrated users do not appear in the Active Directory Users and Computers
snap-in after the restore, but I found their contacts still show up in my
Exchange GAL. If I do a search in AD on the entire directory I can see the
contacts show up; if I do a search on either of the A or B domains or the root domain,
the search does not find the deleted contacts.

When I try to delete the contact I get this error.
Error: Unwilling to perform .<53>

Could anyone help solve this problem?
Thanks in advance.


First off... YUCK!

Now then, you might be able to utilize ADSIEdit and point specifically to
the Domain controller B that you had to restore. I am assuming you want to
delete the objects on this server specifically. ADSIEdit is available for
download from Microsoft as well as being part of the Support Tools on the
Windows CD. When you open the ADSIEdit in the MMC you will then have to
connect to an object. You should select to connect specifically to a domain
controller and NOT the Domain. If you select the DOMAIN you could be
connected to any one of the systems. Select the domain controller you
restored to. Then, see if you can hunt down the objects.

BEFORE YOU DELETE ANYTHING!!! Make sure that you have a system state backup
of your domain controllers - all of them. There is really no telling from
the information you have provided which DC has a good copy. You can use the
NTBACKUP included with Windows 2003 and backup the System State to a local
file. That way you can do an authoritative restore from a good domain
controller if you have to.

Within ADSIEdit, once you locate the objects you want to delete you can
delete them. I have a suspicion that it might be very difficult to tell the
right account from the wrong account - in which case you can end up deleting
both the good and the bad account. You would then have to re-create the
account and associate it with any email boxes you had for it. In addition,
permissions and group assignments would have to be recreated. I really hope
you didn't have too many accounts like this as this could be some very
tedious work.

Good Luck!


Thanks, Paul.
I tried to use the ADSIEdit tool, but I can't find the object. When I used the
LDP utility, I found the object if I connect from the GC server in domain A, but
when I try to delete the object I can't. When I use LDP from the GC in domain B, I
can't view the lingering objects.
How can I deal with such a condition?
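
Added example, not part of any post in this thread: a read-only PowerShell check of which servers still hold a copy of a contact, comparing each server's own domain partition (LDAP port 389) with its global catalog view (port 3268). It assumes the ActiveDirectory module (RSAT) is available; the contact name and host names are placeholders.

```powershell
# Added example: lists where copies of a contact exist. It performs no writes.
# All names below are placeholders (assumptions), not values from the thread.
Import-Module ActiveDirectory

$ContactName = 'PLACEHOLDER-contact-name'
$Servers     = 'gc-a.domainA.example', 'dc-b.domainB.example'   # hypothetical hosts

function Find-ContactCopy {
    param([string]$Server, [int]$Port, [string]$Name)

    # Escape LDAP filter metacharacters (RFC 4515); backslash must go first.
    $safe   = $Name -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    $query  = @{
        Server      = "${Server}:$Port"
        LDAPFilter  = "(&(objectClass=contact)(cn=$safe))"
        ErrorAction = 'Stop'
    }
    if ($Port -eq 3268) {
        # GC port: forest-wide search. An empty search base is valid only here.
        $query.SearchBase  = ''
        $query.SearchScope = 'Subtree'
    }
    # On port 389 the default base is the server's own domain partition.

    try {
        $found = Get-ADObject @query
    } catch {
        # Covers unreachable hosts and servers that are not global catalogs.
        Write-Warning "$($query.Server): $($_.Exception.Message)"
        return
    }
    foreach ($o in $found) {
        [pscustomobject]@{
            Server            = $Server
            Port              = $Port
            DistinguishedName = $o.DistinguishedName
            ObjectGUID        = $o.ObjectGUID
        }
    }
}

$results = foreach ($s in $Servers) {
    foreach ($p in 389, 3268) { Find-ContactCopy -Server $s -Port $p -Name $ContactName }
}
$results | Sort-Object DistinguishedName, Server, Port | Format-Table -AutoSize
```

A copy that appears only on port 3268 of a GC in the other domain sits in that GC's read-only partial replica, so it cannot be deleted through that connection. The ObjectGUID column helps tell a stale copy from a live object with the same name.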
