AD group backup/restore mystery

Posted on 2012-09-20
Last Modified: 2012-09-25
Can anyone think of any legitimate reason why a group in AD would have ex-members re-joined? The reason I ask is that I check the membership of the group that can access our files on a file server once a month, to check nobody has been added to the group. A couple of times now I have noticed an ex-employee (who still works in the business, but elsewhere) has been relisted in the group membership, when they have 100% been removed before. I wondered whether any AD-type maintenance could cause this by mistake? It's almost like the group has reverted back to a previous state/backup. Any theories how this could occur?
Question by:pma111
    LVL 18

    Accepted Solution

    If you removed the user from the group, then Active Directory does not automatically give group permissions back to the user.

    If you restore a previous state/backup, then the removed user will get the permissions back / become a member of the group again.
    LVL 25

    Assisted Solution

    Does said user have any admin rights or knowledge of admin accounts?

    If the former, I would revoke them if possible and if the latter then it may be time to change their passwords.
    LVL 3

    Author Comment

    No admin permissions
    LVL 25

    Expert Comment

    Then either some kind of automated task / script is running that is adding him back into the group or he knows an admin account. Or, someone with an admin account is adding him in.
    LVL 18

    Assisted Solution

    It's humans who make mistakes... machines do as we say. Look at the admins; one of them might be the culprit.
    LVL 39

    Assisted Solution

    by:Krzysztof Pytko
    Hm, I would be able to think of these cases:

    1) someone re-added the user into the group
    2) an authoritative restore of the group was done
    3) there is a multi-domain environment where not all DCs are Global Catalogs and the Infrastructure Master role is on a GC server (performed changes are overwritten)

    To check that, run in the command line:

        nltest /dclist:<DNS-Domain-Name>

    and if any of the DCs are not GCs, then:

        netdom query fsmo

    to check where the Infrastructure Master is located. Then compare whether it is on a GC server.

    4) there is some LDAP service (e.g. Novell) with replication to the AD database enabled, and it is treated as "primary". All changes are replicated one way, from the LDAP environment to AD, so you cannot simply remove the user from the AD group.

    Are you able to verify these points in your environment, please?
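The following PowerShell script is an added example, not code from the thread or from any of the answerers. It puts the questioner's monthly membership check and points 2 and 3 of the answer above into one runnable audit: it diffs the group's direct members against a saved baseline, pulls the replication metadata for the `member` linked value of anyone who reappeared (the originating DC and timestamp distinguish a fresh re-add from a value that was never removed, and a version bump after an authoritative restore shows up the same way), and checks whether the Infrastructure Master sits on a GC while some DCs are not GCs. It assumes the ActiveDirectory module (RSAT, or a Windows Server 2012 or later DC for `Get-ADReplicationAttributeMetadata`); the group name and baseline path are placeholders to adjust.

```powershell
# Added example (not from the original thread). Audits a file-server ACL group
# for members who have reappeared and checks two of the AD-side explanations
# raised in the answer above. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$GroupName    = 'FileServer-Finance-RW'                            # hypothetical group
$BaselinePath = 'C:\Audit\FileServer-Finance-RW.baseline.txt'      # hypothetical path
$Dc           = (Get-ADDomain).PDCEmulator                         # DC to query metadata on

# 1) Direct membership (not -Recursive: we want to see who was put INTO this
#    group, not who inherits access through a nested group), compared with the
#    baseline written by the previous monthly run.
$current = Get-ADGroupMember -Identity $GroupName |
           Select-Object -ExpandProperty SamAccountName | Sort-Object

$added = @()
if (Test-Path $BaselinePath) {
    $baseline = Get-Content $BaselinePath
    $diff     = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
    $added    = @($diff | Where-Object { $_.SideIndicator -eq '=>' } |
                  Select-Object -ExpandProperty InputObject)
    $removed  = @($diff | Where-Object { $_.SideIndicator -eq '<=' } |
                  Select-Object -ExpandProperty InputObject)
    "Members added since baseline:   $($added -join ', ')"
    "Members removed since baseline: $($removed -join ', ')"
} else {
    "No baseline at $BaselinePath; writing one from the current membership."
}
$current | Set-Content -Path $BaselinePath   # refresh baseline for next month's check

# 2) For every unexpected member, show the replication metadata of the 'member'
#    linked value. LastOriginatingChangeDirectoryServerIdentity names the DC the
#    change was made on (that is where to read the Security event log), and
#    Version/LastOriginatingDeleteTime tell you whether the value was removed
#    and then re-added, or reinstated by an authoritative restore.
$groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
foreach ($sam in $added) {
    $userDn = (Get-ADUser -Identity $sam).DistinguishedName
    "--- replication metadata for $sam in $GroupName (queried on $Dc) ---"
    Get-ADReplicationAttributeMetadata -Object $groupDn -Server $Dc -ShowAllLinkedValues |
        Where-Object { $_.AttributeName -eq 'member' -and $_.AttributeValue -eq $userDn } |
        Select-Object AttributeValue, Version,
                      LastOriginatingChangeTime,
                      LastOriginatingDeleteTime,
                      LastOriginatingChangeDirectoryServerIdentity |
        Format-List
}

# 3) Point 3 of the answer: flag an Infrastructure Master that is a GC while
#    other DCs in the domain are not. (If every DC is a GC the placement is fine.)
$dcs    = Get-ADDomainController -Filter *
$im     = (Get-ADDomain).InfrastructureMaster
$nonGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
$imIsGc = ($dcs | Where-Object { $_.HostName -eq $im } | Select-Object -First 1).IsGlobalCatalog
if ($nonGc.Count -gt 0 -and $imIsGc) {
    "WARNING: Infrastructure Master $im is a GC while $($nonGc.Count) DC(s) are not: $($nonGc.HostName -join ', ')"
} else {
    "Infrastructure Master placement OK: $im (GC=$imIsGc; non-GC DCs: $($nonGc.Count))"
}
```

Run it from an account that can read the group and replication metadata; the first run only writes the baseline. The originating DC and change time from step 2 are what turn "he's back in the group" into something you can look up in that DC's Security log (event 4728/4732 for adds to security groups), which is the quickest way to settle the "someone with an admin account is adding him" theory from the other answers.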
