remove user from AD, and any SIDs associated?

[blade10]

All-

I work at a company that creates an account via Lotus Notes primarily using ldap tools and then as a secondary step creates an Active Directory account.

The whole purpose of this is to create a single password (sign-on) setup.

There is one user that keeps getting locked out of AD, their password get locked for no reason.

I would like to delete the account in AD and the have the Lotus Notes (ldap folks) create her account over again..

My question: aside from me just deleting the AD account, is there anything I would need to do in order for any residual SIDS that point to her account to be wiped out. is there a resource kit tool for this? freeware Microsoft tool?

thanks for any input here.

blade

 

[TechyMcSe2k]

delete account then replicate. You should be fine.

the LDAP query syntax for a user based on SID is:

(objectSid=S-1-5-21-xxxxxx)


________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!

 

[blade10]

Hi Techy,

Thanks for the info, so when you say "just replicate".. just go to cmd prompt on the DC and run repadmin /syncall ?

would that do it?

thanks again
blade

 

[TechyMcSe2k]

if you have one DC or all DC's in the same site, then don't worry about it. If you have remote sites; you can force replication in Sites and Services, or just wait for it to do it automatically

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!