Object already exists error

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Receiving an error for the object already esists when trying to create a
global security group "authenticated users" I know that this is a default
built-in group, however, the group had been previously deleted, but
apparently not totally from AD. I am trying to use LDP to remove it, but
what is the proper (attribute=value) that I need to use in the search
filter??
I have tried (groupname=authenticated users) and such but get not results so
I think the syntax is wrong.

chris
3 answers Last reply
More about object exists error
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Repent34 wrote:
    > Receiving an error for the object already esists when trying to create a
    > global security group "authenticated users" I know that this is a default
    > built-in group, however, the group had been previously deleted, but

    How do You deleted this group. AFAIK this is on-thefly constructed group
    with well known sid controled by OS:
    SID: S-1-5-11
    Name: Authenticated Users
    Description: A group that includes all users whose identities were
    authenticated when they logged on. Membership is controlled by the
    operating system.

    --
    Tomasz Onyszko [MVP]
    http://www.w2k.pl
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    thats a good question. What I can tell you is that the group is no where to
    be found. When I do a "find" from the top level, I get no results so when I
    try to create it again I get the object already exists error. But get this,
    when I go to add a user, group, or whatever to the permissions on something,
    I can see the authenticated users group in the listing, but cannot find it
    anywhere to access it directly, like you would any other group. Wierd, I
    know. That is why I'm trying to delete it and recreate it. I created
    another global everybody type group in the interim but I want that default
    group back.

    chris

    "Tomasz Onyszko [MVP]" <T.Onyszko_nospam_@microsfot.com> wrote in message
    news:ezWEhr4WFHA.3712@TK2MSFTNGP09.phx.gbl...
    > Repent34 wrote:
    >> Receiving an error for the object already esists when trying to create a
    >> global security group "authenticated users" I know that this is a
    >> default built-in group, however, the group had been previously deleted,
    >> but
    >
    > How do You deleted this group. AFAIK this is on-thefly constructed group
    > with well known sid controled by OS:
    > SID: S-1-5-11
    > Name: Authenticated Users
    > Description: A group that includes all users whose identities were
    > authenticated when they logged on. Membership is controlled by the
    > operating system.
    >
    > --
    > Tomasz Onyszko [MVP]
    > http://www.w2k.pl
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    It is a well known security principal, not a group. I.E. There is no matching
    group object. This is simply a SID added to the security token of users who are
    authenticated. At most, you will see a foreignSecurityPrincipal for it in the
    foreignSecurityPrincipals container in a domain. It will be an object with the
    name S-1-5-11.

    You can search your AD for all instances of it like so

    adfind -gc -b -f name=S-1-5-11

    You will probably see one for every domain.


    joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Repent34 wrote:
    > thats a good question. What I can tell you is that the group is no where to
    > be found. When I do a "find" from the top level, I get no results so when I
    > try to create it again I get the object already exists error. But get this,
    > when I go to add a user, group, or whatever to the permissions on something,
    > I can see the authenticated users group in the listing, but cannot find it
    > anywhere to access it directly, like you would any other group. Wierd, I
    > know. That is why I'm trying to delete it and recreate it. I created
    > another global everybody type group in the interim but I want that default
    > group back.
    >
    > chris
    >
    > "Tomasz Onyszko [MVP]" <T.Onyszko_nospam_@microsfot.com> wrote in message
    > news:ezWEhr4WFHA.3712@TK2MSFTNGP09.phx.gbl...
    >
    >>Repent34 wrote:
    >>
    >>>Receiving an error for the object already esists when trying to create a
    >>>global security group "authenticated users" I know that this is a
    >>>default built-in group, however, the group had been previously deleted,
    >>>but
    >>
    >>How do You deleted this group. AFAIK this is on-thefly constructed group
    >>with well known sid controled by OS:
    >>SID: S-1-5-11
    >>Name: Authenticated Users
    >>Description: A group that includes all users whose identities were
    >>authenticated when they logged on. Membership is controlled by the
    >>operating system.
    >>
    >>--
    >>Tomasz Onyszko [MVP]
    >>http://www.w2k.pl
    >
    >
    >
Ask a new question

Read More

Microsoft Active Directory Windows