Domain member can't see user deletion on doamin controller

Tutorials Win: Microsoft Windows Forum

Hi,
I have a strange behaviour happening on a server and I need your help.
So here is the setup:
2 domain controllers
2 member servers that are configured as terminal servers.

Users use the TS in application mode.

Initially the users were configured to use roaming profiles, sync with DFS
but right now, the DFS no longer synchronize the profiles from on server to
the other (the 2 TS). But that not the major issue here.

I have delete a user on one of the domain controller.
On TS1, I can see that the server know that the user has been delete because
for the 'local' profile stored in TS1 on doc and settings, if I edit the
properties, the user does not appear anymore and instead I see the SID of the
user, which indicate that the server knows that the user have been deleted.

But on the TS2, the user is still listed as a domain user in its profile's
security properties.

Also, on TS2, if I check in the system properties/advanced/User profiles, I
still can see the user (as a domain user domain\user) but I can't delete the
profile.

So here are my questions:
- How can I delete on TS2 the profile of the deleted user?
- Why on TS2 the user still seems to be there even if it has been deleted
from the domain controller?

Thanks.
Top

Re: Domain member can't see user deletion on doamin controller by Stu

Stu
Fri Dec 07 08:44:47 PST 2007

Have you tried adding the user to the security of an aribtary text
file just to see if it can pull back the user from DC.

Secondly I would be running echo %logonserver% on both the TS boxes to
see if you are logging into the same DC. If they are different you
could have a replication issue.

In which case you would looking to do the usual DCDIAGs on the DC's to
verify the DC's are in good order.

Netdiags on TS2 might also be a good idea.

On 7 Dec, 16:27, Romain <Rom...@discussions.microsoft.com> wrote:
> Hi,
> I have a strange behaviour happening on a server and I need your help.
> So here is the setup:
> 2 domain controllers
> 2 member servers that are configured as terminal servers.
>
> Users use the TS in application mode.
>
> Initially the users were configured to use roaming profiles, sync with DFS
> but right now, the DFS no longer synchronize the profiles from on server to
> the other (the 2 TS). But that not the major issue here.
>
> I have delete a user on one of the domain controller.
> On TS1, I can see that the server know that the user has been delete because
> for the 'local' profile stored in TS1 on doc and settings, if I edit the
> properties, the user does not appear anymore and instead I see the SID of the
> user, which indicate that the server knows that the user have been deleted.
>
> But on the TS2, the user is still listed as a domain user in its profile's
> security properties.
>
> Also, on TS2, if I check in the system properties/advanced/User profiles, I
> still can see the user (as a domain user domain\user) but I can't delete the
> profile.
>
> So here are my questions:
> - How can I delete on TS2 the profile of the deleted user?
> - Why on TS2 the user still seems to be there even if it has been deleted
> from the domain controller?
>
> Thanks.

Top

Re: Domain member can't see user deletion on doamin controller by Romain

Romain
Fri Dec 07 09:04:02 PST 2007

Hi and thanks for your help.

Netdiag on TS2 does not show any major issues and dcdiag also seems to be
fine.

On TS2, if I want to set a user right on a folder, the deleted user does not
appear (which is fine) but on its profile, the user is still listed has is
still exist ...

"Stu" wrote:

> Have you tried adding the user to the security of an aribtary text
> file just to see if it can pull back the user from DC.
>
> Secondly I would be running echo %logonserver% on both the TS boxes to
> see if you are logging into the same DC. If they are different you
> could have a replication issue.
>
> In which case you would looking to do the usual DCDIAGs on the DC's to
> verify the DC's are in good order.
>
> Netdiags on TS2 might also be a good idea.
>
> On 7 Dec, 16:27, Romain <Rom...@discussions.microsoft.com> wrote:
> > Hi,
> > I have a strange behaviour happening on a server and I need your help.
> > So here is the setup:
> > 2 domain controllers
> > 2 member servers that are configured as terminal servers.
> >
> > Users use the TS in application mode.
> >
> > Initially the users were configured to use roaming profiles, sync with DFS
> > but right now, the DFS no longer synchronize the profiles from on server to
> > the other (the 2 TS). But that not the major issue here.
> >
> > I have delete a user on one of the domain controller.
> > On TS1, I can see that the server know that the user has been delete because
> > for the 'local' profile stored in TS1 on doc and settings, if I edit the
> > properties, the user does not appear anymore and instead I see the SID of the
> > user, which indicate that the server knows that the user have been deleted.
> >
> > But on the TS2, the user is still listed as a domain user in its profile's
> > security properties.
> >
> > Also, on TS2, if I check in the system properties/advanced/User profiles, I
> > still can see the user (as a domain user domain\user) but I can't delete the
> > profile.
> >
> > So here are my questions:
> > - How can I delete on TS2 the profile of the deleted user?
> > - Why on TS2 the user still seems to be there even if it has been deleted
> > from the domain controller?
> >
> > Thanks.
>
>
Top