Solved

Disabling 1 User in AD Disables other users

Posted on 2006-11-30
2
194 Views
Last Modified: 2010-04-18
I've never seen this before.  An employee left a company so we disabled his account.  The next day or so I get a call saying a different user else can't log in.  After some checking I find out that if I eneable the ex-employees account the current employee can log in with her account.  Once the old account is disabled, the current account is also disabled.  I've tried changing passwords on both accounts, but the problem persisists.  All servers are running Windows 2003 Standard, the domain is in native mode.  Any ideas?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 18051312
Recreate the user's account - it seems this guy may have somehow tied his account to hers (SID spoofing?)  I wouldn't risk it.

Disable the ex-employees account, create a new one for the other user, log in to create the new profile then copy all the data (and Desktop contents) to the new profile.  DO NOT copy the entire profile contents - just the user's data.

Once that's working, delete the two suspect accounts.

0
 
LVL 1

Author Comment

by:Leverage IT Consulting
ID: 18070935
I don't think the user who left knew enough to tie the accounts together on purpose.  I've gone ahead and deleted and recreated the account, it works fine now.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question