Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mystery of the missing AD User Account

Status
Not open for further replies.
Roadki11

Roadki11

MIS
Mar 23, 2005
1,097
0
0
US
Good morning,

I had this same issue on the same windows 2003 standard server SP1 early this spring. After i applied SP1 it cleared up but the issue has returned and i need some help. Seems users are just disappearing from AD. Yesterday 1 user vanished and this morning 2 different user have disappeared. DCDIAG and NETDIAG come back clean. Google says lots of people have had this issue but i see no remedies or pointers to the root cause. Server is 100% up2date on patches and service packs. I have added a 2nd DC, windows 2003 R2 a month ago, has been working fine up until now. The accounts are missing from the replica also. The server with the issue is the FSMO master and the R2 server is a 2nd global catalog server. Both servers run DHCP and DNS(AD Integrated), dns is functioning well. DC's are on different subnets and replication is working fine. Any thoughts?

thanks,

RoadKi11
 
Sort by date Sort by votes
Just to get a better idea of your environment:
1) Are you the only one that has access to AD?
2) Do you have any applications that manipulate AD (i.e. PeopleSoft)?
 
Upvote 0 Downvote
I am the only one with administrative access to the servers. No, i do not have any apps that touch AD.

RoadKi11

 
Upvote 0 Downvote
I should rephrase that, i do have Backup Exec 10 doing a nightly system state backup. nothing in the event logs to suggest a problem. no new software has been installed on the server since the last batch of windows updates about 30 days ago. and like i said the problem reappeared yesterday after an 8 month hyatus.

RoadKi11
 
Upvote 0 Downvote
NFI! Are the accounts just gone - or are they toombstoned? I think with some research, you can see the toombstoned accounts with ADSIEdit
 
Upvote 0 Downvote
The user were tombstoned and i was able to reanimate them with Sysinternals adrestore. Hand little utility, no wonder MS bought them. Im still looking for any ideas why this may be happening. No users vanished last night so i guess thats a good sign.

Thanks,

RoadKi11
 
Upvote 0 Downvote
If they are being toombstoned, it means there is an explicit delete command being executed. I don't know how - but there has to be a way of creating debugging logs for NTFRS?
 
Upvote 0 Downvote
Do you have auditing enabled? Check the event logs to see who last accessed the affected user objects. Hope this helps.

Regards

Terry
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
141
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
142
suncit
suncit
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
128
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top