How to repair corrupt AD user account

Hi,

We have an issue where we have some corrupt AD user accounts.  we noticed it when we tried to log into our domain and the desktop locked up.  At first we thought it was a corrupt windows user profile but when we deleted the profile and tried to log back into the computer, we experienced the same issue

When we logged into the computer with another user account it worked fine.  When we deleted the corrupt user account from AD and recreated it, it work just fine.

The main issue that we have is that we cannot delete all of the user accounts because it would be dissruptive and a pain to move all of the exchange mailboxes

Is there an easier way to fix the user accounts?
thomasm1948Asked:
Who is Participating?
 
Leon FesterConnect With a Mentor Senior Solutions ArchitectCommented:
I've never seen this behaviour before, have you considered that a specific group membership was causing this problem?

The user account is only used to pass logon credentials to AD and then AD sends back the membership tokens for the groups that this user is a member of.

When re-creating the user, did you put all the same group memberships back on the user account?

Another quick test, is to clone/copy one of the corrupt accounts to a new user account and then test if it does the same. If yes, remove all group membership on this account and try again.
P.S. This is only for testing purposes.
0
 
tolinromeCommented:
How do you know the accounts are corrupted, error message? Do all these accounts have something in common? Maybe a policy was changed\created that is causing this error?

The only way to get the accounts back, if they are corrupted, is to restore them from backup from a point in time before the corruption.
0
 
thomasm1948Author Commented:
Not sure if the user accounts are corrupt.  It just seems like it because if we delete and recreate the account it then works without an issue
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
thomasm1948Author Commented:
Ok, we tried to restore one user account and that did nothing.  We noticed something wierd though.  If we remove a user that has the issue from the local administrator group then works

any ideas
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Did you try to move a AD account to some other OU or create a new OU and then move him there (If your creating a new OU please create it at the root)

- Rancy
0
 
thomasm1948Author Commented:
Sorry for the late response.   I tried deleted the users and recreating it and the issue eventually started again  

This issue worked itself out and it seemed to have only affected our users using windows XP.  I did a force replicate across our network and the next day there were no more issues.  Kind of wierd
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.