Solved

Cannot create a group in Active Directory, 'The specified group already exists'.

Posted on 2010-08-17
8
2,791 Views
Last Modified: 2012-08-13
I am trying to create a group on our Active Directory (Windows 2003 SBS based) but when I do, it says it can't create the object because it already exists...it doesn't.  Some background:

This server is going to be retired as a DC, so I'm stripping out all the roles it used to carry out for us.  The last one I removed was the Sophos Enterprise console, which is where the problem lies.  The Sophos EC has been moved to another machine and is running well, but any server which is either a DC or a PDC needs to look to an Active Directory group called Sophos Administrators for it to run.  These groups were removed when Sophos was uninstalled, but when I try to re-add one it says it already exists!!  I have had a good look through AD users and computers and it's nowhere to be found.  
0
Comment
Question by:-Juddy-
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 500 total points
ID: 33452223
The old (deleted) group will be tombstoned and un usable, your probably better off restoring that group.

See if ad restore can get the group back for you.

http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 33452242
What a fantastic app!!  It's brought back the AD objects, but they are called (example) myrestoredgroupTmpRn.........why the TmpRn suffix?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33452277
Not sure but maybe so you can identify them and so they won't cause conflicts? just rename them back.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 3

Author Comment

by:-Juddy-
ID: 33452281
Sorry, I'm being dim.....I suppose it's just to highlight the fact that it's been restored by the tool.  There's a GUI version too: http://www.windowsreference.com/free-utilities/adrestorenet-the-gui-version-of-adrestore/
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33452288
BTW there is a very nice gui tool linked from this page call ADRestore.net
http://www.petri.co.il/recovering-deleted-items-active-directory.htm

Direct Link to Download
http://www.petri.co.il/downloads/ADRestore.NET.zip
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 33452311
Point coming your way, top man!!
0
 
LVL 3

Author Closing Comment

by:-Juddy-
ID: 33452316
Just great!
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 33452939
Can you check this in AD

open command prompt and copy paste the comment below

dsquery group -name *Sophos*

also check this

dsquery user -name *Sophos*

Check this query and let us know if you find any thing...

Cheers,
Prem
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question