?
Solved

AD users and computers console issue

Posted on 2014-11-06
5
Medium Priority
?
220 Views
Last Modified: 2014-11-21
I have an AD 2008 R2 environment.
When logged in as administrator into one DC I cannot see any computers in the AD users and computers console.
When I log into as a different domain admin user to the same DC I can see them all.
If I log into another DC with both users I can see everything.
Anyone have any ideas as to why this might happen and how to fix?
0
Comment
Question by:DaveKall42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40426811
Sounds like a corrupted profile. Remove the domain users profile from registry and delete their users folder to recreate.
0
 

Author Comment

by:DaveKall42
ID: 40426814
Delete profile from local registry of DC in question?  Do you happen to know where that is located in registry?
0
 
LVL 12

Assisted Solution

by:jkaios
jkaios earned 1000 total points
ID: 40427188
To delete and recreate an user profile, try these:

1. Log in with another user
2. Bring up the System Properties dialog box (Windows Logo Key + Break) OR sysdm.cpl
3. click the Advanced tab
4. click Settings button under User Profiles
5. in the User Profies window, select the appropriate user and click Delete
6. click OK, OK to dismiss all dialog boxes
7. log off the current user
8. log in with user you deleted in step 5 (its profile will be created automatically)
0
 
LVL 17

Accepted Solution

by:
Spike99 earned 1000 total points
ID: 40427319
JKaios is correct: that's the best method to clear a user profile.

But, just an FYI, the user's profile consists of several parts.  At minimum, there are 2:
1.  Profile "hive" key in ProfileLIst key:  
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<USER-SID>
2.  The user's folder in C:\Users

If you are using roaming profiles, then there would be a 3rd part:  a network copy of the local profile on the network.
You can configure that either using a GPO or by adding the folder path to the "Terminal Service Profile" tab in the user's account properties in Active Directory.

With Windows Server 2003 & Windows XP, you could get away with just deleting the user profile folder in C:\Documents and Settings. Windows would just re-create the profile folder if it's not found.  But, the newer OSs (Windows Vista, 7 & 8 as well Server 2008 & 2012) don't like it when you do that.

If you just delete the user's folder from C:\Users without also removing the profile key, the user will get a profile error at logon. Then, Windows will log them on using a temp profile and none of their settings will be saved at exit. That situation will persist every time they log on to the same server or PC until you remove the backup profile key created by Windows in the ProfileList key (backup keys always end in .BAK).
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40431337
Before you rebuild your profile try to clear all MMC content in the following location:

C:\Users\%username%\AppData\Roaming\Microsoft\MMC

The try to access ADUC again
0

Featured Post

Limited time offer using promo code EXPERTS30

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through September 15, 2017, Experts Exchange members get 30% off the US7220 on the ATEN USA eShop using promo code EXPERTS30.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question