Solved

Disabling 1 User in AD Disables other users

Posted on 2006-11-30
2
193 Views
Last Modified: 2010-04-18
I've never seen this before.  An employee left a company so we disabled his account.  The next day or so I get a call saying a different user else can't log in.  After some checking I find out that if I eneable the ex-employees account the current employee can log in with her account.  Once the old account is disabled, the current account is also disabled.  I've tried changing passwords on both accounts, but the problem persisists.  All servers are running Windows 2003 Standard, the domain is in native mode.  Any ideas?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 18051312
Recreate the user's account - it seems this guy may have somehow tied his account to hers (SID spoofing?)  I wouldn't risk it.

Disable the ex-employees account, create a new one for the other user, log in to create the new profile then copy all the data (and Desktop contents) to the new profile.  DO NOT copy the entire profile contents - just the user's data.

Once that's working, delete the two suspect accounts.

0
 
LVL 1

Author Comment

by:Leverage IT Consulting
ID: 18070935
I don't think the user who left knew enough to tie the accounts together on purpose.  I've gone ahead and deleted and recreated the account, it works fine now.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question