Posts Tagged ‘active directory’

For various reasons, there are times when Active Directory may encounter a situation where multiple objects appear. The duplicates will be named with a CNF:[GUID] on the end of the name.

Here is an excellent Microsoft blog post with an explanation of why it happens and some simple commands to find these objects. It is an issue we encounter at times with Configuration Manager boundaries and slow AD replication, but could happen for many other object types also.

For a slightly simpler method, here is my approach to using AD Users and Computers to find and delete them.


WARNING: This is intended for use in a lab environment rather than production. Given the nature of domain controllers, all details here should be used with extreme caution as damage is HIGHLY POSSIBLE and data loss is a risk.

At various time I want to test something that I want to install on my production system at home without actually risking damaging anything. The easiest way I find is to make a copy of the virtual machine hard disks and start them up attached to a new LAB version of the machine, on an isolated Virtual network of course. This works fine for Domain Controllers also which makes it quicker to test things like Exchange with your actual configuration.


Let me say this first of all – Do not try this at home. The following is not a “strategy”, it was a last desperate act to recover *something* from *nothing*. In this case it seems to have paid off, but there is still a lot of work to do.

Following on from my previous post about the serious disk crash experience…

After spending more time than I should have curled in a ball, rocking back and forth and hoping something would just start working by itself, I finally realised that I didn’t really have any proper options left. I was at the point where *anything* was an option, there was no longer a wrong way to do things.