Phantom user account

I recently tried creating a new account but received an error stating
that there was already an account with that logon name in the
enterprise. At first, I couldn't find it anywhere, but then I did
find it in another domain within the same forest when doing a search
on the Entire Directory in ADUC. There is an account that shows up
when searching there, but it's been deleted some time ago. I can only
see this account in the Find dialog, not in any ADUC container.
Within the dialog, the account can not be deleted again, nor renamed
or moved.

How do I clean this up so that I can create an new account with this
name?

Thanks,
Peter

 

This is very strange behavior. Since a logon name (SAMAccountName) has only
to be unique in the same domain, I cannot explain that error. This only can
happen when the UPN (which has to be unique in the whole forest) should be
duplicated. Is that the case?
The other scenario you're telling us about, reminds me of lingering objects,
that still exist in global catalog but not in the originated domain.
There are sevral ways to remove lingering objects. In 2003 SP1 you can use
the repadmin command with the aquivalent option and give it a try. The most
reliant way of course is to rebuild the Global Catalog freshly on all GC DCs
in the forest.
Robert K

 

The UPN is the same. I tried rebuilding the GC by unchecking the box,
applying changes and checking the box back on and applying again, is
this the correct procedure for rebuilding the GC? If it is, it didn't
help.

Peter

 

What you describe is very similar to lingering/phantom objects. I say
similar, because I don't have all of the information that might be available
but it's highly likely that's what it is.

Before you try to fix any of the issues, have a look at the kb
http://support.microsoft.com/?id=248047 (this is the 2000 version. I can't
find the 2003 version at the moment - but you should have a look for one)
and find and repair the root cause. Otherwise, you're just pounding sand.

Al