Solved

How to repair corrupt AD user account

Posted on 2013-01-10
6
6,459 Views
Last Modified: 2013-03-02
Hi,

We have an issue where we have some corrupt AD user accounts.  we noticed it when we tried to log into our domain and the desktop locked up.  At first we thought it was a corrupt windows user profile but when we deleted the profile and tried to log back into the computer, we experienced the same issue

When we logged into the computer with another user account it worked fine.  When we deleted the corrupt user account from AD and recreated it, it work just fine.

The main issue that we have is that we cannot delete all of the user accounts because it would be dissruptive and a pain to move all of the exchange mailboxes

Is there an easier way to fix the user accounts?
0
Comment
Question by:thomasm1948
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 38764917
How do you know the accounts are corrupted, error message? Do all these accounts have something in common? Maybe a policy was changed\created that is causing this error?

The only way to get the accounts back, if they are corrupted, is to restore them from backup from a point in time before the corruption.
0
 

Author Comment

by:thomasm1948
ID: 38765271
Not sure if the user accounts are corrupt.  It just seems like it because if we delete and recreate the account it then works without an issue
0
 

Author Comment

by:thomasm1948
ID: 38765372
Ok, we tried to restore one user account and that did nothing.  We noticed something wierd though.  If we remove a user that has the issue from the local administrator group then works

any ideas
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38765878
Did you try to move a AD account to some other OU or create a new OU and then move him there (If your creating a new OU please create it at the root)

- Rancy
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 38766210
I've never seen this behaviour before, have you considered that a specific group membership was causing this problem?

The user account is only used to pass logon credentials to AD and then AD sends back the membership tokens for the groups that this user is a member of.

When re-creating the user, did you put all the same group memberships back on the user account?

Another quick test, is to clone/copy one of the corrupt accounts to a new user account and then test if it does the same. If yes, remove all group membership on this account and try again.
P.S. This is only for testing purposes.
0
 

Author Closing Comment

by:thomasm1948
ID: 38945967
Sorry for the late response.   I tried deleted the users and recreating it and the issue eventually started again  

This issue worked itself out and it seemed to have only affected our users using windows XP.  I did a force replicate across our network and the next day there were no more issues.  Kind of wierd
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question