Deleted users completely disappear

Archived from groups: microsoft.public.windowsnt.domain

Hi-
I administer an NT4 resource domain. There are 3 NT4
master domains and 1 W2K AD domain. On our domain
controllers we have local groups that contain many users
from those other 4 domains.
Somehow the LDAP system that populates the resource
domains partially "unpopulated" those domains. In other
words, a bunch of accounts got deleted. How or why that
happened is irrelevant but.....
Instead of those deleted accounts showing up as SIDs
or "Account Unknown" in our groups, they were just simply
gone.
The accounts in the master domains were restored by
bringing back the SAM from backup but the users didn't
end up back in my groups and now I have to manually add
them all.
In the past, when a user was deleted from one of the
master domains, they would be represented in my groups as
SIDs or "Account Unknown" but for some reason this seems
to have changed about a year and a half ago. It didn't
occur to me that it would make any difference until now.
Does anyone know what would cause this or if there is
something I can do to change that behavior?
By the way, it also happened on the member servers in our
domain. The Central IT people swear that servers in
other resource domains didn't behave this way.
Thanks for any help.
  1. Archived from groups: microsoft.public.windowsnt.domain

    This behavior is by default. How can you
    expect the account to be "retained" when
    it is deleted from the SAM? The "account
    unknown" will only appear when the account
    is there but the link to the account is missing
    i.e., communication to a DC where the account
    resides is missing. I don't know of any way to
    change this behavior.

    "Charlie" <anonymous@discussions.microsoft.com> wrote in message
    news:23e3c01c45f08$21074c40$a301280a@phx.gbl...
    > Hi-
    > I administer an NT4 resource domain. There are 3 NT4
    > master domains and 1 W2K AD domain. On our domain
    > controllers we have local groups that contain many users
    > from those other 4 domains.
    > Somehow the LDAP system that populates the resource
    > domains partially "unpopulated" those domains. In other
    > words, a bunch of accounts got deleted. How or why that
    > happened is irrelevant but.....
    > Instead of those deleted accounts showing up as SIDs
    > or "Account Unknown" in our groups, they were just simply
    > gone.
    > The accounts in the master domains were restored by
    > bringing back the SAM from backup but the users didn't
    > end up back in my groups and now I have to manually add
    > them all.
    > In the past, when a user was deleted from one of the
    > master domains, they would be represented in my groups as
    > SIDs or "Account Unknown" but for some reason this seems
    > to have changed about a year and a half ago. It didn't
    > occur to me that it would make any difference until now.
    > Does anyone know what would cause this or if there is
    > something I can do to change that behavior?
    > By the way, it also happened on the member servers in our
    > domain. The Central IT people swear that servers in
    > other resource domains didn't behave this way.
    > Thanks for any help.
    >
  2. Archived from groups: microsoft.public.windowsnt.domain

    Sounds normal to me. When you get the "sid" or "account unknown" it means
    that the account has been deleted but still tied to the resource. There is
    no way to use it when you get this type of behavior because the account is
    gone.

    --
    Scott Harding
    MCSE, MCSA, A+, Network+
    Microsoft MVP - Windows NT Server

    "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    message news:%23v1znu3XEHA.2944@TK2MSFTNGP11.phx.gbl...
    > This behavior is by default. How can you
    > expect the account to be "retained" when
    > it is deleted from the SAM? The "account
    > unknown" will only appear when the account
    > is there but the link to the account is missing
    > i.e., communication to a DC where the account
    > resides is missing. I don't know of any way to
    > change this behavior.
  3. Archived from groups: microsoft.public.windowsnt.domain

    You are correct; I was thinking local accounts.
    I would think someone had to manually remove
    the "account unknown" icons.

    "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in
    message news:
    > Sounds normal to me. When you get the "sid" or "account unknown" it means
    > that the account has been deleted but still tied to the resource. There is
    > no way to use it when you get this type of behavior because the account is
    > gone.
    >