Duplicate computer objects ($Duplicate-)

We are finding some duplicate computer objects in AD. Some have
$Duplicate-... in the pre-Windows 2000 attirbute. Can someone point me to
material that explains why/how these are created and if we can get rid of
them?

I have tried searches on the subject, but search engines don't seem to like
that search phrase.

Thanks,

Dan

 

Howdie!

Am 06.04.2010 16:51, schrieb Dan Thomson:

I've seen this happen if, for some reason, after a restore an already
deleted account was introduced back into the directory while a new
machine with the same name was created on some other OU.

I don't have all the places present where AD checks for name uniqueness
but the most common places (ADUC, ADSIEdit, ...) check for that. You
probably want to review any provisioning scripts or restore/recovery
applications around. A look at when those $Duplicate-...-objects were
created might give you a hint on what was going on (maybe during a
nightly service/task,...).

Cheers,
Florian

 

Hello Dan,

If you really restored AD from backup as Florian mentions, you should consider
an authoritative restore instead of normal AD restore. (As far as I remember
from Windows 2000 - I guess it will still be the same)

 

We aren't doing any restores. However, computers are constantly being
reimaged throughout our worldwide infrastructure. I am thinking this
reimaging is causing the creation of the $Duplicate* objects. I was hoping
someone might be able to point me to an article or something.

Dan

 

Are you using Sysprep prior to imaging your base image that you are using to deploy?

If not, my bet is that is the problem. Sysprep forces the newly applied image to go through a mini-setup (if you opted for it), and produce a new SID. AD and other security based communications uses the SID and not the computer name.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.