[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

windows 2008 R2 Active Directory Object could not be displayed or deleted.

Posted on 2013-01-21
1
Medium Priority
?
298 Views
Last Modified: 2013-01-22
Dear All,

I found some users which one I click on them I got the following error:

1

Could you please help to:
1-      List all users have the same problem using command or anything else.
2-      Delete those users, I’m not able to delete them, I got the following error.

1

Thanks
0
Comment
Question by:Rhala
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 42

Accepted Solution

by:
Meir Rivkin earned 2000 total points
ID: 38801094

This behavior occurs if the account that you are logged on with has only "list contents" permissions on the parent object.
http://support.microsoft.com/kb/305104
Under this scenario, you are unable to read any attributes of the object, even though you can see the object. This prevents Windows from providing information about the object based on the objectClass attribute, such as the icon attribute. You also do not have permissions to perform any operations on the object, such as a Delete command, that requires access to the objectGUID.

RESOLUTION
If you are a member of the local Administrators group on the domain controller, you may take ownership of the object and then grant yourself whatever access rights that you require.


Try this;
Logon on the DC with an account that is member of the 'Domain Admins' group
(the 'Domain Admins' group is by default a member of the Administrators group on the DC. To check this, on the DC, click Start / Run and type: CMD /k net localgroup Administrators)

- Open active directory users and computers
- Click View on the menubar
- check "Advanced Features"
- Goto the UNKNOWN object and open the properties
- on tab "Security" click on the 'Advanced' button.
- Goto tab 'Owner'
- Change Owner to the the administrator account that you are currently logged on with.
- In the Security dialog box, assign Full Control permissions to your account.
Active Directory Object could not be displayed
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question