active directory user and computers windows 2008 R2

patrickst
patrickst used Ask the Experts™
on
unable to see user in active directory users and computers. When I try to add the user account back into active directory it will not let me getting arror that the user has an  active directory  account already. But when searching for then userI don't see the user at all. Using  windows 2008 R2active directory.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Nick RhodeIT Director
Top Expert 2013

Commented:
Are you searching under the entire directory when doing the find now?  Was this a previous user at one point and time?  Is the name associated with a security group or distribution group?

Author

Commented:
searching under the local domain and under the"users" folders. The user can logon into the domain, but does not show up in AD.  The user in question has been signing on to the domain for the last 6 months.  Just today I notices that the user is not showing up in active directory.  The user is in a distribution group.
Nick RhodeIT Director
Top Expert 2013

Commented:
Under find go to Users,Contacts, and Groups, Under IN: choose entire directory and then do a find now and see if he shows up.
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Author

Commented:
I did find the user account out in the Root of the domain.  I'm trying to move the user account back under the "users" OU, but getting access denied.  Do you know a way to move the user back into the "users" OU?

thanks

Pat
find the user, right click on it and select move, then select target ou and click ok.
You can also drag and drop that user in target ou

Author

Commented:
I try moving the object ( see attach file) but getting error on move access denied. Not sure why

thanks
activedirectory-error-move-error.png
That simply means what it says, you do not have rights.
With domain admin account go to properties > security of that account and either take ownership or configure sufficient permissions so that it will allow you to do move operation.
Did you install the admin tools? - http://www.microsoft.com/download/en/details.aspx?id=7887

Or you can run dsa.msc command.

The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the RID master domain controller.

Author

Commented:
I have try moving the object on the AD server itself ( server has all 5 rolles install including RID roll),  using the command dsa.msc ( with no luck). I'm unable to move this object. I'm looking for a powershell cammand to try and move user object,  do you know a command that I can try?

thanks
found the solution to the problem, what did tomove the user object back to the use OU group was I had to uncheck the " protect from accedental delection" tap.  After that  I could move the user to the user OU group.

thanks

Author

Commented:
once I uncheck the " Protect from accidental delection"tap I could move the user object back to the USER OU with no problem

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial