Solved

windows 2008 R2 Active Directory Object could not be displayed or deleted.

Posted on 2013-01-21
1
295 Views
Last Modified: 2013-01-22
Dear All,

I found some users which one I click on them I got the following error:

1

Could you please help to:
1-      List all users have the same problem using command or anything else.
2-      Delete those users, I’m not able to delete them, I got the following error.

1

Thanks
0
Comment
Question by:Rhala
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 38801094

This behavior occurs if the account that you are logged on with has only "list contents" permissions on the parent object.
http://support.microsoft.com/kb/305104
Under this scenario, you are unable to read any attributes of the object, even though you can see the object. This prevents Windows from providing information about the object based on the objectClass attribute, such as the icon attribute. You also do not have permissions to perform any operations on the object, such as a Delete command, that requires access to the objectGUID.

RESOLUTION
If you are a member of the local Administrators group on the domain controller, you may take ownership of the object and then grant yourself whatever access rights that you require.


Try this;
Logon on the DC with an account that is member of the 'Domain Admins' group
(the 'Domain Admins' group is by default a member of the Administrators group on the DC. To check this, on the DC, click Start / Run and type: CMD /k net localgroup Administrators)

- Open active directory users and computers
- Click View on the menubar
- check "Advanced Features"
- Goto the UNKNOWN object and open the properties
- on tab "Security" click on the 'Advanced' button.
- Goto tab 'Owner'
- Change Owner to the the administrator account that you are currently logged on with.
- In the Security dialog box, assign Full Control permissions to your account.
Active Directory Object could not be displayed
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question