What the heck is Account Unknown doing in my DC?

[James W. Long]

Hi All,

There is "Account Unknown" profile listed on my DC under
control panel->system->user profiles. Can I delete it safely?

This box has always been a domain controller.
There is no local account on it.

First it was a Win NT 4.0 Server PDC with DNS,
Then it was upgraded to Win 2000 Adv Server
and DCPROMO'd as a AD DC with integrated
AD DNS.

I am wondering if the unknown account was left over
from before it was DCPROMO'd?

If this is some bogus acount
that can go away in the name of security
then I am willing, but only as long as it will
not destroy this installation or my
beloved administrators account.

How do I tell?

Thank you,
James W. Long

 

[Danny Sanders]

then I am willing, but only as long as it will

not destroy this installation or my
beloved administrators account.

How do I tell?

Disable it. Check your event viewer regularly. If nothing stops working
after a few days/weeks or however long you want to keep it around to test,
delete it.


hth
DDS W 2k MVP MCSE

 

[James W. Long]

Dear Danny:

Disable it how? its not a user account, its a profile.

Thanks,
James W. Long

 

[Steven L Umbach]

That was the profile for a user that used to exist on the computer at one time and
was deleted either deliberately or via the dcpromo process which will kill any local
user accounts. As long as your administrator account is listed as a "current"
profile, I would not be concerned about deleting it. If you look at the properties of
the folder, it should tell you the date it was created and in the profile itself you
could find the user sid - not that it would do you any good. --- Steve

 

[James W. Long]

great Steve,

you said "If I look at the profile itself",
where do I find that, so I may attempt to make a better
determination wether to keep or delete this?

If I decided to demote this dc as part of some process,
(like upgrading it)
would I potentially need that old profile?

by the way, there are no user account folders for that profile.

anything else which may be useful

very much appreciate your info. Thanks.

James W. Long

 

[Steven L Umbach]

OK. Since the folders are already gone under documents and settings there is no way
to find out further info. I would just go ahead and delete it. It won't be needed for
dcpromo or such. There are no local accounts on a domain controller per se. However a
profile will be created for any user that logs onto the console that is based on the
default profile. There is a so called local account. That would be the account used
to restore Active Directory or logon to Recovery Console and is stored in the local
sam user database which can be seen by booting into Directory Services Restore Mode
and using lusrmgr.msc to see local users and groups. --- Steve

 

[Guest]

This happens frequently for my laptop users who work at
client sites. Client IT has a habit of knocking the
user's systems out of our domain so they can be added to
their domain. Once a profile is disassociated with the
domain and security info it's rendered as "Account
Unknown". I've usually just looked at the doc/settings
folder and matched up what was present in User Profiles
to eliminate the undesirables. The date stamp and
profile size in User profiles also helps in determining
when the profile was last used and how much data was
loaded into it. All that doesn't necessarily help you
answer your question though, I suppose.

 

[James W. Long]

Dear Steve and Anon:

Thank you both for all your excellent advice.
I think this profile was an old user, under NT server before
it was upgraded. or its could have had something to do with
my BDC under NT, possibly. neither of these things exist
anymore. After considering all your advice, I deleted it,
and all is still well with my beloved administrators account
as far as I am able to determine, and I don't think I am going to have
further problems in that repect. toast. and I am that much
more secure on my win2k DC.


Thank you very much for you help!

James W. Long.

 

[James W. Long]

Dear Steve and Anon:

Thank you both for all your excellent advice.
I think this profile was an old user, under NT server before
it was upgraded. or its could have had something to do with
my BDC under NT, possibly. Neither of these things exist
anymore. After considering all your advice, I deleted it,
and all is still well with my beloved administrators account
as far as I am able to determine, and I don't think I am going to have
further problems in that repect. I am just that much
more secure on my Win2k DC.


Thank you very much for you help!

James W. Long.

This happens frequently for my laptop users who work at
client sites. Client IT has a habit of knocking the
user's systems out of our domain so they can be added to
their domain. Once a profile is disassociated with the
domain and security info it's rendered as "Account
Unknown". I've usually just looked at the doc/settings
folder and matched up what was present in User Profiles
to eliminate the undesirables. The date stamp and
profile size in User profiles also helps in determining
when the profile was last used and how much data was
loaded into it. All that doesn't necessarily help you
answer your question though, I suppose.

Anon-
Considerably helpful though!
Thanks,
James