Unable to delete active directory object (was a user account)

[Scott Wilson]

All;

Thanks for your time in advance.

Please see the following previous thread:
http://groups.google.com/groups?hl=...m=#F#[email protected]#link1

Current set-up
1 Win 2003 Active Directory Controller (2003 Forest, 2000 Domain)
1 Exchange Server (that is not an AD controller) (exchange 2003)

Now, we have tried all of that to no avail. I have had a couple of
conversations w/ Microsoft critical support folks (while dealing with
other problems) that have lead me to the meta data... Here are the
symptoms:

1) Using AD Users and Groups when you try to look @ the properties
you get the following error as administrator (who has rights to the
whole forest, domain, and OU that the object is in. "The Active
Directory object could not be displayed. \n Unable to view attribute
or value. You may not have permissions to view this object." When
you try to delete the object you get "Windows cannot delete object
USER NAME because: The specified directory service attribute or value
does not exist."

2) When you try to do the same process in ADSIEdit, properties shows
"An invalid directory pathname was passed". Delete shows "This folder
or one of its children has one or more property sheets up. Please
close the property sheet before continuing with this action"

*** That in itself is a strange message, being that the object has
been in AD for over 6 months, and ALL machines have been rebooted...

3) In ADSIEdit, the object shows up like a notepad item, not a folder
even though all of the other user objects show up as a folder. The
object is also not displayed on the left hand side (the tree view),
but does show up at the end of the right site (object view)

4) The object still does have attributes attached to it, some
exchange that I am aware of, because it has an e-mail address for a
valid user on our system. When we try to assign that e-mail address
to the user it says that the address is in use.

I have identified KB article Q230306 which talks about removing
orphaned domains, but this is obviously not what I am looking for. I
have not been able to find anything either on google, or
support.msft.com about a problem like this.

Any help is appreciated.

-Scott

 

[Scott Wilson]

Reply from Microsoft (Partner forums - Sharing for the common good):

----------------

To delete the user account, please follow the steps below:

1. Click Start, and then click Run.

2. In the Open box, type cmd.

3. At the command prompt, type the following command, where <user_dn>
specifies the distinguished name of the user object to be deleted:

"dsrm <user_dn> " (without the quotation marks)

KBArticles referenced:
298882 The new command-line tools for Active Directory in Windows Server 2003
http://support.microsoft.com/?id=298882

322684 HOW TO: Use the Directory Service Command-Line Tools to Manage Active
http://support.microsoft.com/?id=322684

 

[Scott Wilson]

Unfortunatelly that did not work (What happened when I ran it):

f:\>dsrm "CN=USER,OU=ORG UNIT ,DC=local,DC=DOMAIN,DC=TLD"
dsrm failed:CN=USER,OU=ORG UNIT,DC=local,DC=DOMAIN,DC=TLD:
The specified directory service attribute or value does
not exist.

It does exist... When I run a ldifde -f c\:user.ldf
-d "< DN of user account>" I get the object information that looks similar to:

dn: CN=USER,OU=ORG UNIT,DC=local,DC=DOMAIN,DC=TLD
changetype: add
instanceType: 4
whenCreated: 20030819143745.0Z
whenChanged: 20040430214845.0Z
uSNCreated: 12482
uSNChanged: 12482
badPasswordTime: 127280799195281250
dSCorePropagationData: 20040501210606.0Z
dSCorePropagationData: 20040430234840.0Z
dSCorePropagationData: 16010101000417.0Z


More to come...