Sign in with
Sign up | Sign in
Your question

Object already exists error

Last response: in Windows 2000/NT
Share
Anonymous
May 17, 2005 8:25:32 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Receiving an error for the object already esists when trying to create a
global security group "authenticated users" I know that this is a default
built-in group, however, the group had been previously deleted, but
apparently not totally from AD. I am trying to use LDP to remove it, but
what is the proper (attribute=value) that I need to use in the search
filter??
I have tried (groupname=authenticated users) and such but get not results so
I think the syntax is wrong.

chris

More about : object exists error

Anonymous
May 18, 2005 3:20:43 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Repent34 wrote:
> Receiving an error for the object already esists when trying to create a
> global security group "authenticated users" I know that this is a default
> built-in group, however, the group had been previously deleted, but

How do You deleted this group. AFAIK this is on-thefly constructed group
with well known sid controled by OS:
SID: S-1-5-11
Name: Authenticated Users
Description: A group that includes all users whose identities were
authenticated when they logged on. Membership is controlled by the
operating system.

--
Tomasz Onyszko [MVP]
http://www.w2k.pl
Anonymous
May 18, 2005 3:20:44 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

thats a good question. What I can tell you is that the group is no where to
be found. When I do a "find" from the top level, I get no results so when I
try to create it again I get the object already exists error. But get this,
when I go to add a user, group, or whatever to the permissions on something,
I can see the authenticated users group in the listing, but cannot find it
anywhere to access it directly, like you would any other group. Wierd, I
know. That is why I'm trying to delete it and recreate it. I created
another global everybody type group in the interim but I want that default
group back.

chris

"Tomasz Onyszko [MVP]" <T.Onyszko_nospam_@microsfot.com> wrote in message
news:ezWEhr4WFHA.3712@TK2MSFTNGP09.phx.gbl...
> Repent34 wrote:
>> Receiving an error for the object already esists when trying to create a
>> global security group "authenticated users" I know that this is a
>> default built-in group, however, the group had been previously deleted,
>> but
>
> How do You deleted this group. AFAIK this is on-thefly constructed group
> with well known sid controled by OS:
> SID: S-1-5-11
> Name: Authenticated Users
> Description: A group that includes all users whose identities were
> authenticated when they logged on. Membership is controlled by the
> operating system.
>
> --
> Tomasz Onyszko [MVP]
> http://www.w2k.pl
Anonymous
May 18, 2005 4:29:25 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

It is a well known security principal, not a group. I.E. There is no matching
group object. This is simply a SID added to the security token of users who are
authenticated. At most, you will see a foreignSecurityPrincipal for it in the
foreignSecurityPrincipals container in a domain. It will be an object with the
name S-1-5-11.

You can search your AD for all instances of it like so

adfind -gc -b -f name=S-1-5-11

You will probably see one for every domain.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Repent34 wrote:
> thats a good question. What I can tell you is that the group is no where to
> be found. When I do a "find" from the top level, I get no results so when I
> try to create it again I get the object already exists error. But get this,
> when I go to add a user, group, or whatever to the permissions on something,
> I can see the authenticated users group in the listing, but cannot find it
> anywhere to access it directly, like you would any other group. Wierd, I
> know. That is why I'm trying to delete it and recreate it. I created
> another global everybody type group in the interim but I want that default
> group back.
>
> chris
>
> "Tomasz Onyszko [MVP]" <T.Onyszko_nospam_@microsfot.com> wrote in message
> news:ezWEhr4WFHA.3712@TK2MSFTNGP09.phx.gbl...
>
>>Repent34 wrote:
>>
>>>Receiving an error for the object already esists when trying to create a
>>>global security group "authenticated users" I know that this is a
>>>default built-in group, however, the group had been previously deleted,
>>>but
>>
>>How do You deleted this group. AFAIK this is on-thefly constructed group
>>with well known sid controled by OS:
>>SID: S-1-5-11
>>Name: Authenticated Users
>>Description: A group that includes all users whose identities were
>>authenticated when they logged on. Membership is controlled by the
>>operating system.
>>
>>--
>>Tomasz Onyszko [MVP]
>>http://www.w2k.pl
>
>
>
!