|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Phantom AD group called $UJ5000-I64JO6IO1K6I ????$UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a look around I cannot find this phantom group. It doesn't show in ADUC either. Now it may be worth worrying about but if anyone has any clues as to what this may be or can advise a quick way to search AD to try and find this name I'd be obliged. Domain is Windows Server 2003 with one server running Server 2008 64bit with Exchange 2007. A check on event logs on either DC shows no errors/warnings of interest. This odd-ball item never used to appear in netuser.exe before, it just appeared recently. Just a bit worried in case there is some strange corruption in AD and I don't want the sytem coming crashing down around me! Cheers Maurice,
Maurice wrote: > If I run netuser.exe It shows an AD group with the name - Does that help you in any way?> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a > look around I cannot find this phantom group. It doesn't show in ADUC either. > Now it may be worth worrying about but if anyone has any clues as to what > this may be or can advise a quick way to search AD to try and find this name > I'd be obliged. http://blogs.technet.com/ad/archive/2006/12/13/lookin-at-some-ad-dumpage.aspx Cheers, Florian That looks heavy. I'll take time and have a good look there.
Cheers Show quoteHide quote "Florian Frommherz [MVP]" wrote: > Maurice, > > Maurice wrote: > > If I run netuser.exe It shows an AD group with the name - > > $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a > > look around I cannot find this phantom group. It doesn't show in ADUC either. > > Now it may be worth worrying about but if anyone has any clues as to what > > this may be or can advise a quick way to search AD to try and find this name > > I'd be obliged. > > Does that help you in any way? > http://blogs.technet.com/ad/archive/2006/12/13/lookin-at-some-ad-dumpage.aspx > > Cheers, > Florian >
Show quote
Hide quote
"Maurice" <Maur***@discussions.microsoft.com> wrote in message That name looks like the "pre-Windows 2000" name that the system assigns to news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com... > If I run netuser.exe It shows an AD group with the name - > $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a > look around I cannot find this phantom group. It doesn't show in ADUC > either. > Now it may be worth worrying about but if anyone has any clues as to what > this may be or can advise a quick way to search AD to try and find this > name > I'd be obliged. > > Domain is Windows Server 2003 with one server running Server 2008 64bit > with > Exchange 2007. > > A check on event logs on either DC shows no errors/warnings of interest. > > This odd-ball item never used to appear in netuser.exe before, it just > appeared recently. > > Just a bit worried in case there is some strange corruption in AD and I > don't want the sytem coming crashing down around me! > > > Cheers a group if you do not specify a value for the sAMAccountName attribute when you create the group with code (rather than with the ADUC GUI). The group will have a normal Common Name (the value of the cn attribute), but the NetBIOS name (the "pre-Windows 2000 name", which is the value of the sAMAccountName) will be a crazy string. I believe the form is: $aannnn-aaaaaaaaaaaa where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing 0's in my experience). The netuser utility must return NetBIOS names, but in ADUC groups are shown by cn. The "Name" field in ADUC is the Common Name (the Relative Distinguished Name).
Show quote
Hide quote
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in I have seen this behaviour only since W2k3. This did not happen in Windows message news:%23wJuzHKAKHA.4432@TK2MSFTNGP05.phx.gbl... > > "Maurice" <Maur***@discussions.microsoft.com> wrote in message > news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com... >> If I run netuser.exe It shows an AD group with the name - >> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a >> look around I cannot find this phantom group. It doesn't show in ADUC >> either. >> Now it may be worth worrying about but if anyone has any clues as to what >> this may be or can advise a quick way to search AD to try and find this >> name >> I'd be obliged. >> >> Domain is Windows Server 2003 with one server running Server 2008 64bit >> with >> Exchange 2007. >> >> A check on event logs on either DC shows no errors/warnings of interest. >> >> This odd-ball item never used to appear in netuser.exe before, it just >> appeared recently. >> >> Just a bit worried in case there is some strange corruption in AD and I >> don't want the sytem coming crashing down around me! >> >> >> Cheers > > That name looks like the "pre-Windows 2000" name that the system assigns > to a group if you do not specify a value for the sAMAccountName attribute > when you create the group with code (rather than with the ADUC GUI). The > group will have a normal Common Name (the value of the cn attribute), but > the NetBIOS name (the "pre-Windows 2000 name", which is the value of the > sAMAccountName) will be a crazy string. I believe the form is: > > $aannnn-aaaaaaaaaaaa > > where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing > 0's in my experience). The netuser utility must return NetBIOS names, but > in ADUC groups are shown by cn. The "Name" field in ADUC is the Common > Name (the Relative Distinguished Name). > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > 2000 AD. You can use the dsquery command line tool (at a command prompt) to determine the Distinguished Name of the group. For example: dsquery group -samid $UJ5000-I64JO6IO1K6I Or you can use the * wildcard to save typing. For example: dsquery group -samid $UJ50* I managed to dump AD using the command csvde -f ad-dump.csv and searched the
dump for that string and found it under Domain CN=Microsoft Exchange System Objects and uder there CN = Exchange Install Domain Services I can't see why one of the attributes for that container appears as a group in certain views and not others. I could remove the container as it is only used during the install of Exchange and is for no other purpose. But, I'll probably leave it as I at least know what it is and it doesn't seem to be a real problem after all. Thanks v much. Show quoteHide quote "Richard Mueller [MVP]" wrote: > > "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in > message news:%23wJuzHKAKHA.4432@TK2MSFTNGP05.phx.gbl... > > > > "Maurice" <Maur***@discussions.microsoft.com> wrote in message > > news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com... > >> If I run netuser.exe It shows an AD group with the name - > >> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a > >> look around I cannot find this phantom group. It doesn't show in ADUC > >> either. > >> Now it may be worth worrying about but if anyone has any clues as to what > >> this may be or can advise a quick way to search AD to try and find this > >> name > >> I'd be obliged. > >> > >> Domain is Windows Server 2003 with one server running Server 2008 64bit > >> with > >> Exchange 2007. > >> > >> A check on event logs on either DC shows no errors/warnings of interest. > >> > >> This odd-ball item never used to appear in netuser.exe before, it just > >> appeared recently. > >> > >> Just a bit worried in case there is some strange corruption in AD and I > >> don't want the sytem coming crashing down around me! > >> > >> > >> Cheers > > > > That name looks like the "pre-Windows 2000" name that the system assigns > > to a group if you do not specify a value for the sAMAccountName attribute > > when you create the group with code (rather than with the ADUC GUI). The > > group will have a normal Common Name (the value of the cn attribute), but > > the NetBIOS name (the "pre-Windows 2000 name", which is the value of the > > sAMAccountName) will be a crazy string. I believe the form is: > > > > $aannnn-aaaaaaaaaaaa > > > > where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing > > 0's in my experience). The netuser utility must return NetBIOS names, but > > in ADUC groups are shown by cn. The "Name" field in ADUC is the Common > > Name (the Relative Distinguished Name). > > > > -- > > Richard Mueller > > MVP Directory Services > > Hilltop Lab - http://www.rlmueller.net > > -- > > > > > > I have seen this behaviour only since W2k3. This did not happen in Windows > 2000 AD. You can use the dsquery command line tool (at a command prompt) to > determine the Distinguished Name of the group. For example: > > dsquery group -samid $UJ5000-I64JO6IO1K6I > > Or you can use the * wildcard to save typing. For example: > > dsquery group -samid $UJ50* > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > > 
Other interesting topics
DISC SPACE
Migrate users from Existing Windows 2003 Domain to new 2008 Domain DNS zone disappered Group policy tatooing with restricted group ? or strange behaviour ! gpo w2k8 for xp sp3 Domain root MX records do not work with DNS STUB zones Domain Controller Problem after force removal Changing passwords from the command line Group Policy Issues - URGENT Upgrading AD 2003 to AD 2008 In-Place |
|||||||||||||||||||||||
