|
Okay, I will double check… Todd From: joe
[mailto:[EMAIL PROTECTED] Ok so you have the actual DN of the object
in the GC and you went to look at that actual DN in the default context and it
isn't there? I am simply asking because the ADC/Exchange can dork things around
a bit and you may see one name and think you are looking at the right thing
from the GAL yet the real object name is something different. The GAL is
displaying (I believe) the displayName. You can easily have an object with the
displayname of "Myrick, Todd (NIH/CIT)" yet have the username be
something like TODDISCOOL. I just wanted to be really sure before
sending you down the lingering objects direction because that means other bad
things like Al says, something isn't right, and this isn't your main problem,
it is simply a symptom. joe From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Myrick, Todd (NIH/CIT) Joe the account doesn’t exist in the
child domain, and I haven’t found a reference to it in any domains. The GC entry point to
NTDS://IC.NIH.GOV/Users/<User Name> when I use the AD Search command.
So the entry in the GC’s thinks the account is located in the child
domain where there is no account for that user any longer. Any idea how to scrub the GC’s, I
have tried using LDP like the Q articles say, but it seems once a GC thinks a
entry is in a specific location, it really has a hard time wanting to get rid
of it. Todd From: joe
[mailto:[EMAIL PROTECTED] Todd are you absolutely positive it
doesn't exist in AD or maybe it simply isn't in the location you are expecting?
The -1 issue is as Al indicated an ADC match issue. It sees something on the AD
side and can't match it to the 5.5 side so it creates an object in 5.5. Then
depending on how your ADC is configured it can pop something back on the AD
side. Usually the ADC is configured to be able to create objects in certain
OU's/containers that may be different from where you are used to looking. I would also check multiple DCs in that
child domain for the object. Most likely I would test every DC. Here is a
little perl script that makes that fairly easy... $domain=shift; @output=`nltest
/dclist:$domain 2>&1`; @tmp=grep(/site/i,@output); print
"\nALLDC V01.00.00pl Joe Richards ([EMAIL PROTECTED]) November
2001\n\n"; } print
"\n"; Note that this is a very quick and dirty
script, just intended to give some quick functionality to do something against
all DCs in a domain.... anyway I would do something like alldc domain.com "adfind -h
<server> -default -f name=idname -dn" If you need to put quotes in the command
you want to run against every server then do it something like alldc domain.com "adfind -h
<server> -default -f \"name=idname\" -dn" joe From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) I tried what is described in the KB 314282
article, but only tried it on port 389 like the instructions said. The problem I have is that the object and
GUID no longer exist at all in the original child domain. So I am
wondering since it is all the GC’s that have the lingering read-only
object, should I run the clean-up process using LDP and the
RemoveLingeringObjects option on the GC’s on port 3268? I tried
doing on port 389, and it didn’t work. I will defiantly post my results once I
figure out how to do this. Todd From: Coleman, Hunter
[mailto:[EMAIL PROTECTED] Todd- Not sure if this will work for you or not:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314282 There was a similar thread back in January
or so; this is the tail end http://www.mail-archive.com/[EMAIL PROTECTED]/msg13088.html and
you can do alternate searches to get the full discussion. Good luck... Hunter From: Myrick,
Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] There appears to be two entries for User
in the AD Global Catalogues. The one account appears to have been ADC'ed
& unADC'ed "Doe, John (XYZ)"
at some point, the other account appears to have been ADC'ed, but then deleted
(Never un ADC'ed) "Doe, John
(XYZCORP)-1". Both accounts appear in our Domain's GC,
and All the Child domain GC's except the Child domain where the account
originated. The "Doe, John
(XYZ)" exist in their GC, but not the "Doe, John
(XYZCORP)-1". Both accounts were homed in the child
domain, just one got deleted, the other didn't. We are now trying to ADC a mailbox in the
parent domain, to a different account all together. The ADC process is
failing because it seems to still think the mailbox we are ADCing is linked to
"Doe, John (XYZCORP)-1". This account no longer exist in the child
domain, and we don't know how to unADC and account that doesn't exist. Any help would be appreciated Todd From: Mulnick, Al
[mailto:[EMAIL PROTECTED] Can you redescribe that for us? It
sounds like you have a GC that wasn't supposed to be there, but I'm not sure I
follow completely. From: Myrick,
Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Greetings all, we are seeing an entry appear in our GC's
that is not in the original location. It appears after it was deleted, it
did not replicate out the deleted item, and now us causing ADC issues. http://support.microsoft.com/default.aspx?scid=kb;en-us;293474 The recommended MS way seems a little excessive. Does
anyone have a better way of getting ahold of the entry and getting it out of
the directory? Thanks, Todd |
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Mulnick, Al
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Coleman, Hunter
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Eric Fleischman
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Mulnick, Al
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Orphaned GC Entry... How do I clean... Myrick, Todd (NIH/CIT)
