Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Have you tried to use DSACLS to restore/set security on the object?
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------
"nedim" <nedim@discussions.microsoft.com> wrote in message
news:5864A317-9CF7-4334-ACD9-73AB0981C5FE@microsoft.com...
>I have just tried to blow the entrie off with LDP and it just says:
>
> Error: Delete: Referral. <10>
>
> I believe that this is security ownership error - the same I had with
> ADSIEdit.
>
> The only user who has full right on the record, apart of
> S-1-5-21-2712436544-1560754229-2370726782-512
> is SYSTEM and it looks like there is no way out.
>
> Nedim
>
> "Jimmy Andersson [MVP]" wrote:
>
>> Have you tried to delete it with Ldp?
>> Is sounds like there is a reference to it somewhere, try to search for
>> the
>> GUID with Ldp and see what you find.
>>
>> Regards,
>> /Jimmy
>> --
>> Jimmy Andersson, Q Advice AB
>> Microsoft MVP - Directory Services
>> ---------- www.qadvice.com ----------
>>
>>
>> "nedim" <nedim@discussions.microsoft.com> wrote in message
>> news:B97F4FD6-3C7B-4616-BABF-B93BA238EDDF@microsoft.com...
>> > Thanx Jimmy,
>> >
>> > you are right. We did try a metadata cleanup and ADSIedit. We cleaned a
>> > lot
>> > of things. Trusts, servers etc. everithing but a redord of a ghost
>> > domain,
>> > wich cannot be removed on any way we know. ADSIEdit shows that the
>> > entery
>> > is
>> > owned by a nonexisting user.
>> > I cannoy take ownership of object
>> > - cannot delete it
>> > - general catalg cannot start
>> > - domain naming master cannot be seized
>> > - cannot promote DC to primary
>> > - I LOST MY DOMAIN!
>> >
>> >
>> > Funny,
>> >
>> > Thanks for advices
>> > Nedim
>> > "Jimmy Andersson [MVP]" wrote:
>> >
>> >> I guess you tried to do a metadata cleanup with NTDSUTIL, use ADSIEdit
>> >> (or
>> >> LDP) to look for any connection objects that is left. Also clean up
>> >> DNS,
>> >> remove any trusts and try a metadata cleanup again.
>> >>
>> >> Regards,
>> >> /Jimmy
>> >> --
>> >> Jimmy Andersson, Q Advice AB
>> >> Microsoft MVP - Directory Services
>> >> ---------- www.qadvice.com ----------
>> >>
>> >>
>> >> "nedim" <nedim@discussions.microsoft.com> wrote in message
>> >> news:A70A04E6-3963-42E9-9A66-C2041A837E3F@microsoft.com...
>> >> > Because of the wrongly performed test win2003 server insalation in
>> >> > our
>> >> > w2000server domain we suffered damage on primary DC. we couldn't
>> >> > tranfser
>> >> > master roles so we decided to kill the server and to seize the roles
>> >> > on
>> >> > replica.
>> >> >
>> >> > We couldn't transfer domain naming master since general catalog
>> >> > could
>> >> > not
>> >> > be
>> >> > promoted on new DC. the reason is one (DC=fserv like) entery which
>> >> > we
>> >> > couldn't delete because of security - the entery is owned by not
>> >> > existig
>> >> > domain.
>> >> >
>> >> > We used NTDSUTIL and ADSIedit and couldn't get rid of it.
>> >> >
>> >> > As a simptom we have one exra domain (fserv) in AD Domains and
>> >> > Trusts
>> >> >
>> >> > If anyone knows something about this issue please advise us .
>> >> >
>> >> > Nedim Hadzibegic
>> >> > nedim@broderinarin.com
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>