  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 693

Active Directory accounts are unable to login

We have 200+ PCs running in a workgroup that has the same name as my AD domain. None of the machines are members of the domain. The users log in to Novell 6.0 and get all the policies from Novell. They need access to our Exchange 2k box for their email and another application. Most of the users have no trouble with this setup, although a select few have been locked out of their AD account (not able to access email, etc.). We don't see anything in the event log on the domain controller besides:

"Disabled user /o=Domainname.com/ou=First Administrative Group/cn=Recipients/cn=username does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account."

But so far the users with that message have not encountered the issue.

Our workaround has been to reset the user's password on the DC, which fixes the issue. Users do not have access to reset their own passwords.
0
gmacmaster
Asked:
1 Solution
 
Jandakel2 Commented:
It sounds like you have accounts that have been removed from AD prior to their mailbox being removed from Exchange. You should remove the Exchange features/mailbox first, then delete accounts for users.

JK
0
 
gmacmaster (Author) Commented:
The error message I posted was the only warning or error in the event log; I am not sure if it is related.

I have requested that my helpdesk folks keep a running list of the users having this issue to see if their username appears in the log.

Note: all the users have the check box for passwords never expiring.
0
 
Jandakel2 Commented:
The error that you are encountering happens when a user is deleted from Active Directory and their mailbox is not removed from Exchange at the same time. If you look at the user names, you should archive that user's Exchange data, completely remove them from AD and Exchange, then make a new account for them and a new mailbox and do the restore. What the error refers to is the association between the location of the Exchange accounts and their relative AD (SID) accounts. When one is deleted without the other, the chain is broken, so to speak.

JK
0
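One way to run the cross-check the asker describes (helpdesk list against the accounts the event log message is about), as an added example that is not part of the original thread. It assumes the "master account SID" in the message corresponds to the `msExchMasterAccountSid` attribute, that it is run from a domain-joined management host under a domain account, and the usernames in `$reported` are constructed placeholders.

```powershell
# Added example, not from the thread. Lists disabled, mailbox-enabled accounts
# that carry no msExchMasterAccountSid and marks which of them the helpdesk
# has also reported as unable to log in.

# Usernames collected by the helpdesk (constructed placeholders).
$reported = @('jdoe', 'asmith')

# LDAP filter:
#   homeMDB=*                                   -> account has an Exchange mailbox
#   userAccountControl bit 0x2 (bitwise AND)    -> account is disabled
#   !(msExchMasterAccountSid=*)                 -> no master account SID set (assumed attribute)
$filter = '(&(objectCategory=person)(objectClass=user)(homeMDB=*)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=2)' +
          '(!(msExchMasterAccountSid=*)))'

# With no explicit search root, the searcher binds to the current domain.
$searcher = [adsisearcher]$filter
$searcher.PageSize = 500   # page results so large directories are not truncated
$searcher.PropertiesToLoad.AddRange(
    [string[]]@('samaccountname', 'distinguishedname', 'lockouttime'))

$flagged = foreach ($result in $searcher.FindAll()) {
    $name = [string]$result.Properties['samaccountname'][0]

    # lockoutTime is a 64-bit timestamp; a non-zero value means a lockout was
    # recorded (it can be stale once the lockout duration has passed).
    $lockout = 0
    if ($result.Properties['lockouttime'].Count -gt 0) {
        $lockout = [int64]$result.Properties['lockouttime'][0]
    }

    [pscustomobject]@{
        SamAccountName     = $name
        LockoutRecorded    = ($lockout -gt 0)
        ReportedByHelpdesk = ($reported -contains $name)   # case-insensitive match
        DistinguishedName  = [string]$result.Properties['distinguishedname'][0]
    }
}

$flagged | Sort-Object ReportedByHelpdesk -Descending | Format-Table -AutoSize

# Reported users the filter did not return: their login problem needs a different explanation.
$reported | Where-Object { $flagged.SamAccountName -notcontains $_ }
```

If the second list contains most of the reported users, the event log message and the login failures are probably unrelated, which matches what the asker has observed so far.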
