I think that maybe the stray users / computers were just direct children
of the U which was deletedit's virtually impossible to know without
digging a bit moremaybe they decommissioned a DC and then brought it
back later.
If you're not currently experiencing any replication problems and all
the DCs are valid, working, sharing sysvol, bla, bla, blathen it's
really a judgement call if you wanna just delete those objects or dig
some more to find out their origin. I would be certain that they aren't
being used, if they were real user / computer accounts then you may have
some users / computers who are mysteriously not getting the right GP's
or who's scripts are failing because the DN of the object is
different
May the force be with you!
Rob
Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Tom Kern
Sent: Tuesday, August 16, 2005 3:10 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: Re: [ActiveDir] lost and found
Some U's are acutally named "old-ou" or "deleted-ou", so they knew
they were getting rid of them. I jusy wondered why they would end you
there.
The ou's are nested at least3 deep.
there are also some stray parent-less user and computer accounts.
I guess it's just a result of serious on going replication issues or
a movetree gone bad?
Unfortunately the persons responsible are long gone for not the best
of reasons
thanks
8/16/05, Robert Williams (RRE) <roberwil (AT) microsoft (DOT) comwrote:
It's really hard to tell based on that but a few guesses are:
Someone deleted an U, then fixed a replication problem after
tombstone
lifetime has passedthis U had many child U's which might be the
ones you seemaybe the attribute for parent is a back-link or
something like that where it will be blank if the object it references
doesn't exist (that is a complete guessI don't know that this works
that wayit was used as an example).
All other explanations are variations of tombstone lifetime,
replication
problems, etc
Can you give us more detail about these objects? Whether you should
be
concerned may depend solely on whether the person you are inherited
the
forest from is concerned :-0
It's hard to say right now
Rob
Message
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Tom Kern
Sent: Tuesday, August 16, 2005 2:27 PM
To: activedirectory
Subject: [ActiveDir] lost and found
I'm inheriting this forest(which we are migrating away from) which has
a ton of objects in the lost and found container in the domain
NC(users,U's with about 2000 objects in them,etc).
Know of them have the lastKnownParent attrib set.
Is this something to be concerned with?
Is there a reason there would be so many objects in here?
Thanks