Net user command does not work properly.

Nov 8, 2018
Hey, I have a network of computers and when I try to delete an account, it states that the command was executed successfully and the accounts do not show up with the command "net user /domain" in the list, as if they were deleted.
But the problem comes in with me still being able to log in with the account that I "deleted", but it seems to be gone from the list anyway.
Command I used to delete the account was: "net user (name) /delete /domain"
Yes, the domain was correct for sure so I don't understand.
 
Hello

Can you please check with ADUC if the account was deleted?

Is there any chance that the account details/credentials are cached on the client computer? Can you please try logging in to the deleted account from a different computer?

Please report back with the results, and we'll try to help you with a better solution.

Cheers!!
 
If there was no space in the user name then the command should have been passed to the domain controller and processed. There should be some delay before the changes are synced.

I think Windows remembers the last 10 logon attempts in cache by default unless you make a registry change to prevent it. (You can unplug your network tap and still log in.)

This used to be the key, I have not looked in years so it might have changed:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50


If the login failed to validate on the domain controller because the account has been deleted, maybe it then got logged in with the cached credentials on the local machine. (Kind of sounds like a bug, but I would have to look into it; it could be by design. The user should only get access to local resources but not network validated connections.)
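
The two checks suggested in this thread (is the account really gone from the directory, and is the client caching logons) can be scripted as below. This is an added example, not something posted by the participants. It assumes a domain-joined machine and a user who can read the directory; the parameter name `SamAccountName` is illustrative, and the registry value name is the one quoted above.

```powershell
# Added example: confirm a "deleted" account is gone on every domain controller
# and report whether this client still allows cached domain logons.
param(
    [Parameter(Mandatory)] [string] $SamAccountName   # account to check (illustrative name)
)

# 1. Query each domain controller directly so replication delay becomes visible.
$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
# Escape LDAP filter metacharacters in the supplied name (RFC 4515).
$escaped = $SamAccountName -replace '\\','\5c' -replace '\*','\2a' `
                           -replace '\(','\28' -replace '\)','\29'
$filter  = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"

foreach ($dc in $domain.DomainControllers) {
    try {
        $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
        $state    = if ($searcher.FindOne()) { 'STILL PRESENT' } else { 'not found' }
    } catch {
        $state = "query failed: $($_.Exception.Message)"
    }
    '{0,-40} {1}' -f $dc.Name, $state
}

# 2. Read the cached-logon setting on this client (value name as quoted in the thread).
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$value = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                           -ErrorAction SilentlyContinue).CachedLogonsCount

if ($null -eq $value) {
    'CachedLogonsCount is not set; the Windows default applies.'
} elseif ([int]$value -eq 0) {
    'CachedLogonsCount = 0: logon caching is disabled on this machine.'
} else {
    "CachedLogonsCount = ${value}: up to $value cached domain logons are kept, " +
    'so an account deleted in the domain may still log on here from cache.'
}
```

Run it on the client where the deleted account can still log in; "not found" on every controller together with a non-zero count points to a cached logon rather than a failed deletion.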