21/08/2011

Having problems or issues deleting an Active Directory user?

By Dallas Hindle

Recently I came across a problem when i was doing general clean-up and maintenance on an Active Directory Domain.

When i tried to delete a user that was no longer with the company I go the following error.

Error When deleting user in Active Directory

The first thought is dammit, it’s a protected object in AD, so you open the user and go to object only to find that it doesn’t have the tick box set.

Ok, but I know that the admin count can also do funky things, so that’s probably been set to AdminCount=1 so I’ll check that.

No dice… well there goes the simple and common things that will cause you problems.

if you also looked at the error closely you would have noticed that the error was talking about exchange permissions.

if you go to your Active Directory users and computers MMC you can turn on two options

Users, Contacts, Groups, and Computers as Containers. and Advanced Features (if not already)

Now when you go back and look at the user you are trying to delete you find out that they have a container under their account… Why you ask? this is created by Exchange and all these new iPhones and Windows Phones users will have one under their account.


In this particular environment we have Exchange 2010 Service Pack 1, I could use ADSI edit and delete get rid of it, however I hate using ADSI Edit when you can do it as the system intended.

Since this is a phone that is added to the users account our next set is the Exchange EMC

Logon to the Exchange Management Console and Select the user from the Mailbox folder under Recipient Configuration area and right click to bring up the action menu,

click on “Manage Mobile Phone…”

This will bring up the below window and you will be able to select the offending devices and remove the Windows Mobile phone’s, iPad’s or iPhones from the users account. by selecting them and clicking remove when you have the radio button “Remove Mobile Phone partnership” selected.

Once this is done you will be able to go back to AD and delete the user as per normal.

Hope this helps.

This entry was posted on Sunday, August 21st, 2011 at 10:52 pm and tagged with , , , and posted in Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.

4 responses to “Having problems or issues deleting an Active Directory user?

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: