Duplicate computer objects ($Duplicate-)

Discussion in 'Active Directory' started by Dan Thomson, Apr 6, 2010.

  1. Dan Thomson

    Dan Thomson Guest

    We are finding some duplicate computer objects in AD. Some have
    $Duplicate-... in the pre-Windows 2000 attribute. Can someone point me to
    material that explains why/how these are created and if we can get rid of

    I have tried searches on the subject, but search engines don't seem to like
    that search phrase.


    Dan Thomson, Apr 6, 2010

  2. Howdie!

    On 06.04.2010 16:51, Dan Thomson wrote:
    I've seen this happen if, for some reason, after a restore an already
    deleted account was introduced back into the directory while a new
    machine with the same name was created in some other OU.

    I don't have all the places present where AD checks for name uniqueness
    but the most common places (ADUC, ADSIEdit, ...) check for that. You
    probably want to review any provisioning scripts or restore/recovery
    applications around. A look at when those $Duplicate-...-objects were
    created might give you a hint on what was going on (maybe during a
    nightly service/task,...).

    Florian Frommherz, Apr 6, 2010
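
Florian's suggestion to look at when the $Duplicate-... objects were created can be scripted. The following is an added example, not part of any post in this thread; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain, and it assumes the conflicting twin object still carries the same CN in another container.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Single quotes stop PowerShell from expanding "$DUPLICATE" as a variable.
# sAMAccountName is the attribute ADUC labels "pre-Windows 2000" name.
$dupes = Get-ADComputer -LDAPFilter '(sAMAccountName=$DUPLICATE-*)' `
    -Properties whenCreated, whenChanged

# 1. Per-object detail, oldest first.
$dupes | Sort-Object whenCreated |
    Select-Object Name, SamAccountName, whenCreated, whenChanged, DistinguishedName |
    Format-Table -AutoSize

# 2. Creation times bucketed by hour of day. A spike in one bucket points
#    at a scheduled job (imaging, provisioning script, nightly task).
$dupes | Group-Object { $_.whenCreated.ToString('HH') } |
    Sort-Object Name |
    Select-Object @{ n = 'HourOfDay'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 3. For each renamed object, list other computer objects with the same CN
#    elsewhere in the directory (assumption: the twin kept the original CN).
foreach ($d in $dupes) {
    Get-ADComputer -Filter "Name -eq '$($d.Name)'" -Properties whenCreated |
        Where-Object { $_.DistinguishedName -ne $d.DistinguishedName } |
        Select-Object @{ n = 'DuplicateDN'; e = { $d.DistinguishedName } },
                      @{ n = 'TwinDN';      e = { $_.DistinguishedName } },
                      @{ n = 'TwinCreated'; e = { $_.whenCreated } }
}
```

The script only reads from the directory; review the output before deciding which object of each pair to keep.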

  3. Dan Thomson

    Andreas Y Guest

    Hello Dan,

    If you really restored AD from backup as Florian mentions, you should consider
    an authoritative restore instead of a normal AD restore. (As far as I remember
    from Windows 2000 - I guess it will still be the same.)
    Andreas Y, Apr 7, 2010
  4. Dan Thomson

    Dan Thomson Guest

    We aren't doing any restores. However, computers are constantly being
    reimaged throughout our worldwide infrastructure. I am thinking this
    reimaging is causing the creation of the $Duplicate* objects. I was hoping
    someone might be able to point me to an article or something.

    Dan Thomson, Apr 14, 2010
  5. Are you using Sysprep prior to imaging your base image that you are using to deploy?

    If not, my bet is that is the problem. Sysprep forces the newly applied image to go through a mini-setup (if you opted for it), and produce a new SID. AD and other security-based communications use the SID and not the computer name.


    Ace Fekay [MVP-DS, MCT], Apr 16, 2010