Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Domain member can't see user deletion on domain

Status
Not open for further replies.
romainp

romainp

Technical User
Jul 31, 2007
11
0
0
CA
Hi,
I have a strange behaviour happening on a server and I need your help.
So here is the setup:
2 domain controllers
2 member servers that are configured as terminal servers.

Users use the TS in application mode.

Initially the users were configured to use roaming profiles, sync with DFS but right now, the DFS no longer synchronize the profiles from on server to the other (the 2 TS). But that not the major issue here.

I have delete a user on one of the domain controller.
On TS1, I can see that the server know that the user has been delete because for the 'local' profile stored in TS1 on doc and settings, if I edit the properties, the user does not appear anymore and instead I see the SID of the user, which indicate that the server knows that the user have been deleted.

But on the TS2, the user is still listed as a domain user in its profile's security properties.

Also, on TS2, if I check in the system properties/advanced/User profiles, I still can see the user (as a domain user domain\user) but I can't delete the profile.

So here are my questions:
- How can I delete on TS2 the profile of the deleted user?
- Why on TS2 the user still seems to be there even if it has been deleted from the domain controller?

Thanks.
 
Sort by date Sort by votes
first of all, reboot the server that you can't delete the profile from. for some reason there are still handles or somehow the OS has released this profile yet. after you reboot login as a domain admin and remove the profile.

2nd, Are these servers on the same network and can definately speak to each other. Run TCPView and see if ntfrs.exe and netlogon is listed as a process that is tied to each of the DC's. make sure that this process is running correctly on both. What does even viewer show? you can use eventid.net to lookup errors if found.
 
Upvote 0 Downvote
If the users were members of the local admin group then you will have a problem deleting the profile. Remove the user from the local admin group and you should be able to delete the profile.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
295
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
124
ADB100
ADB100
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
230
DrB0b
DrB0b
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
289
fredmartinmaine
fredmartinmaine
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
126
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top