Same computer account in 2 OUs


JohnB

I have the same computer account in 2 different OUs. I
wouldn't have thought that AD would allow that to happen.

Does it matter which one I delete? As far as the user
accessing the network from that machine...
 
Are these OUs located at different sites or within the same site?

Are you certain that the names are identical? Perhaps a hidden space?

If there are two sites involved, and the same computer account was
created on two different DCs, when replication happened, the account
would attempt to replicate, and whoever the naming master is would
resolve the name conflict. The behavior I have observed is one gets the
name, the other gets the same name, with a SID attached so it looks like:

Computer.Room
Computer.Room233994003493
 
"It is perfectly legal (a bad idea however) to have two objects
with the same "common name" as long as they are in different
containers (which gives them different distinguished names.)"

That part surprises me, 'cause of the messages in Event Viewer that are
complaining about the 2 containers containing a computer account named the
same.

I'll run replmon and repadmin
 
Excellent - thanks!


Joe Richards said:
This can happen if the account was added to two different DC's within one
replication cycle. I see it pretty often
actually due to how big of an environment we have. One of the machine
accounts usually will have the CN changed on it so
that it has a \n (newline character) CNF: and then a GUID. I usually delete the ID with the GUID.

If you don't have a GUID on one of them use my adfind (on free win32 tools
page of www.joeware.net) and run the
following command:

adfind -gc -b "" -f samaccountname=machinename$

For instance if I was looking for a machine name mainpro I would type

adfind -gc -b "" -f samaccountname=mainpro$

That should list all machines in the forest with that samaccountname and
their DN's and values. Check out the
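
Added example, not part of the original thread and not joeware code: a Python script that takes the DNs a search like the adfind command above returns and flags conflict-renamed copies (newline, CNF:, then a GUID; the newline appears escaped as \0A in DN string form) and names carrying an escaped hidden space. The DNs, domain and GUID below are constructed sample values, and the function names are this example's own.

```python
import re

# Conflict-renamed RDN value: original name, escaped newline (\0A), "CNF:", object GUID.
CNF_RE = re.compile(r"^(?P<name>.*)\\0ACNF:(?P<guid>[0-9a-fA-F-]{36})$")

def split_first_rdn(dn):
    """Split a DN into (leftmost RDN value, parent DN), honouring backslash escapes."""
    i = dn.index("=") + 1
    start = i
    while i < len(dn) and dn[i] != ",":
        i += 2 if dn[i] == "\\" else 1   # an escaped character never ends the RDN
    return dn[start:i], dn[i + 1:]

def describe(dn):
    """Classify one DN returned by a samaccountname search."""
    value, parent = split_first_rdn(dn)
    m = CNF_RE.match(value)
    name = m.group("name") if m else value
    plain = name.replace("\\ ", " ")     # undo escaped leading/trailing spaces
    return {
        "dn": dn,
        "container": parent,
        "name": plain.strip(),
        "conflict_guid": m.group("guid") if m else None,
        "hidden_space": plain != plain.strip(),
    }

def review(dns):
    """Group entries by case-insensitive name; keep only names seen more than once."""
    groups = {}
    for entry in map(describe, dns):
        groups.setdefault(entry["name"].lower(), []).append(entry)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample data (not output from a real directory).
SAMPLE = [
    "CN=MAINPRO,OU=Room233,DC=example,DC=com",
    "CN=MAINPRO\\0ACNF:6f1c2b3a-0d4e-4f5a-9b6c-7d8e9f0a1b2c,OU=Room233,DC=example,DC=com",
    "CN=mainpro\\ ,OU=Lab,DC=example,DC=com",
    "CN=OTHERPC,OU=Lab,DC=example,DC=com",
]

if __name__ == "__main__":
    for name, entries in review(SAMPLE).items():
        for e in entries:
            flag = "conflict copy" if e["conflict_guid"] else ("hidden space" if e["hidden_space"] else "plain")
            print(f"{name}: {flag:13} {e['dn']!r}")
```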
 