Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Disabled user does not have a master account SID warning
0 views
Skip to first unread message
Sandy Wood
Feb 9, 2006, 7:42:27 PM2/9/06
to
My Exchange 2003 server is squawking about an account that doesn't have a
master account SID. I've done some checking and it appears that this happens
often if accounts are disabled incorrectly.
master account SID. I've done some checking and it appears that this happens
often if accounts are disabled incorrectly.
This account was deleted (well, almost) from Active Directory 3 weeks ago
and it's nowhere to be found in Active Directory or in Exchange System
Manager.
How can I find and delete the remnants of the is account to stop the events
from coming?
--
Sandy Wood
Orange County District Attorney
Andy David - [MVP]
Feb 9, 2006, 8:13:57 PM2/9/06
to
ALmost Deleted? Not sure what that means.
Vicnice
Feb 9, 2006, 8:37:21 PM2/9/06
to
http://www.petri.co.il/nomas_tool.htm
This page may provide some further insight. Have you searched through ADUC?
This page may provide some further insight. Have you searched through ADUC?
Sandy Wood
Feb 10, 2006, 12:41:29 PM2/10/06
to
What I mean by 'almost deleted' is that I read in a knowledge base article
that one reason this error can be generated is from an account that is not
quite deleted from AD. I'm as much in the dark as you are about this
interesting Microsoft statement.
that one reason this error can be generated is from an account that is not
quite deleted from AD. I'm as much in the dark as you are about this
interesting Microsoft statement.
Ultimately, I'd like to remove any 'almost deleted' remnants that are there
in AD somewhere.
--
Sandy Wood
Orange County District Attorney
Sandy Wood
Feb 10, 2006, 12:46:27 PM2/10/06
to
Yes, I've searched and searched AD for this account and it's nowhere I can
see. I think the NoMas tool will help me get the errant accout from AD.
see. I think the NoMas tool will help me get the errant accout from AD.
Thanks for the input.
--
Sandy Wood
Orange County District Attorney
John Fullbright
Feb 11, 2006, 7:03:59 PM2/11/06
to
The nomas tool will set the associated external accout to self for disabled
users, and clear it for enabled users. If you choose the "resynchronize"
option (used to be 228423; I think I like that name better as it's more
desciptive of why the option exists), it will do both and ensure that no
"invalid data" exists in the MSexchMasterAccountSID attribute. I don't see
where it will help with an account that was "almost deleted" and is not
visible in AD.
users, and clear it for enabled users. If you choose the "resynchronize"
option (used to be 228423; I think I like that name better as it's more
desciptive of why the option exists), it will do both and ensure that no
"invalid data" exists in the MSexchMasterAccountSID attribute. I don't see
where it will help with an account that was "almost deleted" and is not
visible in AD.
This really sounds more like a lingering object issue in AD. You might try
repadmin/removelingeringobjects.
"Sandy Wood" <sandy...@nospam.com> wrote in message
news:4D803399-C80F-4123...@microsoft.com...
0 new messages