• Status: Solved

Active Directory accounts are unable to login

We have 200+ PCs running in a workgroup that has the same name as my AD domain. None of the machines are members of the domain. The users log in to Novell 6.0 and get all the policies from Novell. They need access to our Exchange 2k box for their email and another application. Most of the users have no trouble with this setup, although a select few have been locked out of their AD account (not able to access email, etc.). We don't see anything in the event log on the domain controller besides:

"Disabled user /o=Domainname.com/ou=First Administrative Group/cn=Recipients/cn=username does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account."

But so far the users with that message have not encountered the issue.

Our workaround has been to reset the user's password on the DC, which fixes the issue. Users do not have access to reset their own passwords.
Asked by: gmacmaster

Jandakel2 commented:
It sounds like you have accounts that have been removed from AD prior to their mailbox being removed from Exchange. You should remove the Exchange features/mailbox first, then delete accounts for users.

JK

gmacmaster (Author) commented:
The error message I posted was the only warning or error in the event log; I am not sure if it is related.

I have requested that my helpdesk folks keep a running list of the users having this issue to see if their username appears in the log.

Note: all the users have the check box for passwords never expiring.

Jandakel2 commented:
The error that you are encountering happens when a user is deleted from Active Directory and their mailbox is not removed from Exchange at the same time. If you look at the user names, you should archive that user's Exchange data, completely remove them from AD and Exchange, then make a new account for them and a new mailbox and do the restore. What the error refers to is the association between the location of the Exchange accounts and their relative AD (SID) accounts. When one is deleted without the other, the chain is broken, so to speak.

JK
Question has a verified solution.
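
The cross-check described in the thread (helpdesk list of locked-out users against the event log warning), as an added example that is not part of the original posts. The event text and usernames are constructed, and matching on the last `cn=` of the Exchange path assumes the mailbox alias equals the logon name.

```python
import re

# Constructed sample input: warning text in the format quoted in the question,
# one unrelated entry, and a helpdesk list of users who reported a lockout.
_TEMPLATE = ("Disabled user /o=Domainname.com/ou=First Administrative Group"
             "/cn=Recipients/cn={} does not have a master account SID. "
             "Please use Active Directory MMC to set an active account as "
             "this user's master account.")
EVENT_MESSAGES = [
    _TEMPLATE.format("asmith"),
    _TEMPLATE.format("DLee"),
    "Constructed unrelated event text.",
]
HELPDESK_LOCKOUTS = ["bjones", " ASmith", "cdoe"]

# The Exchange path in the warning ends in cn=Recipients/cn=<alias>;
# capture that last cn (it may contain spaces).
WARNING_RE = re.compile(
    r"Disabled user\s+/o=.+?/cn=Recipients/cn=(?P<alias>.+?)\s+"
    r"does not have a master account SID",
    re.IGNORECASE,
)

def warned_aliases(messages):
    """Return the lower-cased aliases named in master-account-SID warnings."""
    found = set()
    for text in messages:
        match = WARNING_RE.search(text)
        if match:
            found.add(match.group("alias").strip().lower())
    return found

def correlate(messages, lockouts):
    """Split users into: in both lists, locked out only, warned only."""
    warned = warned_aliases(messages)
    locked = {name.strip().lower() for name in lockouts if name.strip()}
    return {
        "both": sorted(warned & locked),
        "lockout_only": sorted(locked - warned),
        "warning_only": sorted(warned - locked),
    }

if __name__ == "__main__":
    for bucket, users in correlate(EVENT_MESSAGES, HELPDESK_LOCKOUTS).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

If `both` stays empty as the helpdesk list grows, the warning and the lockouts are affecting different accounts.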
