

A deleted account remains in the Address Book, e-mail is not received, or a duplicate account exists

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Deleted accounts remaining in the global address list (GAL), e-mail messages for existing accounts not being received, or duplicate objects existing in Active Directory are all symptoms that can indicate a lingering object problem. If you have no error or event that identifies the lingering object and its directory partition (for example, event ID 1388 or event ID 1988), you must search the global catalog for an object that you believe might be causing the problem. When you identify the lingering object and the directory partition of the object, you can perform the procedures to remove it.

Solution

Based on these symptoms of a lingering object, you usually have a good idea of the name of the object and you can use the following steps to solve the problem:

  • Use this name to identify the object in the global catalog.

  • Identify the directory partition of the object.

  • Remove all lingering objects from that directory partition on all global catalog servers in the forest.

Identify the Duplicate (Lingering) Object

Use the following procedure to identify the duplicate (lingering) object by searching the global catalog for its distinguished name. Use an attribute that uniquely identifies the object for the account that is not receiving e-mail, cannot be created because it already exists, or appears in the Address Book or in access control lists (ACLs) when it has already been deleted.

Requirements

  • Administrative credentials: To complete this procedure, you must be a member of the Domain Users group.

  • Tool: Ldp.exe (Windows Support Tools)

To establish the distinguished name of an object

  1. Click Start, click Run, type Ldp, and then click OK.

  2. On the Connection menu, click Connect.

  3. In Port, type 3268, and then click OK.

  4. On the Connection menu, click Bind.

  5. In the Bind dialog box, provide credentials for a user account in the forest, and then click OK.

  6. On the View menu, click Tree.

  7. In the Tree View dialog box, in BaseDN, type the distinguished name of the forest root domain, and then click OK.

  8. In the console tree, right-click the forest root domain, and then click Search.

  9. In the Search dialog box, in Filter, replace the default filter (objectClass=*) with a filter of the following form:

    (attribute=value)

    where attribute is the Lightweight Directory Access Protocol (LDAP) name of an attribute and value is the value that you know or suspect to be associated with the object that you are searching for. For example, use (userPrincipalName=JanD@contoso.com), (sAMAccountName=JanD), or (sn=Dryml) to locate the duplicate user object Jan Dryml. You can use the asterisk (*) in the value field if you want to search all objects.

  10. In the Scope box, click Subtree, and then click Run.

  11. Click Close, and then view the results. You must identify which of the displayed objects should be removed from Active Directory. An indication that you have found a lingering object that exists only on a global catalog server is that the object does not exist in a writable replica of the directory partition.

  12. If necessary, repeat steps 8 through 10 to rephrase the query, and then run it again.

Identify the Directory Partition of the Object

After you identify the distinguished name of the object that is causing problems, if it is a domain object, identify the domain in which it is located by looking at the DC= part of the distinguished name. For example, if the object you find has the distinguished name CN=Jan Dryml,CN=Users,DC=Region1,DC=Contoso,DC=com, the directory partition name for the user account is DC=Region1,DC=Contoso,DC=com.
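
The following is an added example, not part of the original article. It builds the (attribute=value) filter from step 9 with the value escaped per RFC 4515, and derives the directory partition name from a distinguished name, including the case where the CN contains an escaped comma. The function names are hypothetical and the sample values are constructed from the article's Jan Dryml example.

```python
# Added example (not from the original article). Helper names are hypothetical.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def gc_filter(attribute, value, allow_wildcard=False):
    """Build the (attribute=value) filter from step 9, escaping the value per RFC 4515."""
    if not attribute.replace("-", "").isalnum():
        raise ValueError("unexpected LDAP attribute name: %r" % attribute)
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)  # keep * as the wildcard the article mentions
        else:
            out.append(FILTER_ESCAPES.get(ch, ch))
    return "(%s=%s)" % (attribute, "".join(out))

def split_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def directory_partition(dn):
    """Return the trailing run of DC= components (domain objects only, as in the article)."""
    tail = []
    for rdn in reversed(split_dn(dn)):
        if not rdn.upper().startswith("DC="):
            break
        tail.insert(0, rdn)
    if not tail:
        raise ValueError("no DC= components in %r" % dn)
    return ",".join(tail)

if __name__ == "__main__":
    print(gc_filter("sAMAccountName", "JanD"))
    # Constructed DN with an escaped comma inside the CN value
    print(directory_partition(r"CN=Dryml\, Jan,CN=Users,DC=Region1,DC=Contoso,DC=com"))
```

Splitting the distinguished name on every comma would break the escaped-comma case, which is why the RDNs are parsed before the DC= components are collected.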

Remove the Lingering Object

Use the directory partition name in the procedure "To use Repadmin to remove lingering objects" to remove the lingering object from all domain controllers and global catalog servers in the forest as described in "Event ID 1388 or 1988: A lingering object is detected."