Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Phantom AD group called $UJ5000-I64JO6IO1K6I ????
Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157581] Thu, 09 July 2009 09:40 Go to next message
Maurice  is currently offline Maurice
Messages: 67
Registered: August 2009
Member
If I run netuser.exe It shows an AD group with the name -
$UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
look around I cannot find this phantom group. It doesn't show in ADUC either.
Now it may be worth worrying about but if anyone has any clues as to what
this may be or can advise a quick way to search AD to try and find this name
I'd be obliged.

Domain is Windows Server 2003 with one server running Server 2008 64bit with
Exchange 2007.

A check on event logs on either DC shows no errors/warnings of interest.

This odd-ball item never used to appear in netuser.exe before, it just
appeared recently.

Just a bit worried in case there is some strange corruption in AD and I
don't want the sytem coming crashing down around me!


Cheers
Re: Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157583 is a reply to message #157581] Thu, 09 July 2009 09:48 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Maurice,

Maurice wrote:
> If I run netuser.exe It shows an AD group with the name -
> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
> look around I cannot find this phantom group. It doesn't show in ADUC either.
> Now it may be worth worrying about but if anyone has any clues as to what
> this may be or can advise a quick way to search AD to try and find this name
> I'd be obliged.

Does that help you in any way?
http://blogs.technet.com/ad/archive/2006/12/13/lookin-at-som e-ad-dumpage.aspx

Cheers,
Florian
Re: Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157586 is a reply to message #157583] Thu, 09 July 2009 10:16 Go to previous messageGo to next message
Maurice  is currently offline Maurice
Messages: 67
Registered: August 2009
Member
That looks heavy. I'll take time and have a good look there.

Cheers

"Florian Frommherz [MVP]" wrote:

> Maurice,
>
> Maurice wrote:
> > If I run netuser.exe It shows an AD group with the name -
> > $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
> > look around I cannot find this phantom group. It doesn't show in ADUC either.
> > Now it may be worth worrying about but if anyone has any clues as to what
> > this may be or can advise a quick way to search AD to try and find this name
> > I'd be obliged.
>
> Does that help you in any way?
> http://blogs.technet.com/ad/archive/2006/12/13/lookin-at-som e-ad-dumpage.aspx
>
> Cheers,
> Florian
>
Re: Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157587 is a reply to message #157581] Thu, 09 July 2009 10:31 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Maurice" <Maurice@discussions.microsoft.com> wrote in message
news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com...
> If I run netuser.exe It shows an AD group with the name -
> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
> look around I cannot find this phantom group. It doesn't show in ADUC
> either.
> Now it may be worth worrying about but if anyone has any clues as to what
> this may be or can advise a quick way to search AD to try and find this
> name
> I'd be obliged.
>
> Domain is Windows Server 2003 with one server running Server 2008 64bit
> with
> Exchange 2007.
>
> A check on event logs on either DC shows no errors/warnings of interest.
>
> This odd-ball item never used to appear in netuser.exe before, it just
> appeared recently.
>
> Just a bit worried in case there is some strange corruption in AD and I
> don't want the sytem coming crashing down around me!
>
>
> Cheers

That name looks like the "pre-Windows 2000" name that the system assigns to
a group if you do not specify a value for the sAMAccountName attribute when
you create the group with code (rather than with the ADUC GUI). The group
will have a normal Common Name (the value of the cn attribute), but the
NetBIOS name (the "pre-Windows 2000 name", which is the value of the
sAMAccountName) will be a crazy string. I believe the form is:

$aannnn-aaaaaaaaaaaa

where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing
0's in my experience). The netuser utility must return NetBIOS names, but in
ADUC groups are shown by cn. The "Name" field in ADUC is the Common Name
(the Relative Distinguished Name).

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157588 is a reply to message #157587] Thu, 09 July 2009 10:50 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:%23wJuzHKAKHA.4432@TK2MSFTNGP05.phx.gbl...
>
> "Maurice" <Maurice@discussions.microsoft.com> wrote in message
> news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com...
>> If I run netuser.exe It shows an AD group with the name -
>> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
>> look around I cannot find this phantom group. It doesn't show in ADUC
>> either.
>> Now it may be worth worrying about but if anyone has any clues as to what
>> this may be or can advise a quick way to search AD to try and find this
>> name
>> I'd be obliged.
>>
>> Domain is Windows Server 2003 with one server running Server 2008 64bit
>> with
>> Exchange 2007.
>>
>> A check on event logs on either DC shows no errors/warnings of interest.
>>
>> This odd-ball item never used to appear in netuser.exe before, it just
>> appeared recently.
>>
>> Just a bit worried in case there is some strange corruption in AD and I
>> don't want the sytem coming crashing down around me!
>>
>>
>> Cheers
>
> That name looks like the "pre-Windows 2000" name that the system assigns
> to a group if you do not specify a value for the sAMAccountName attribute
> when you create the group with code (rather than with the ADUC GUI). The
> group will have a normal Common Name (the value of the cn attribute), but
> the NetBIOS name (the "pre-Windows 2000 name", which is the value of the
> sAMAccountName) will be a crazy string. I believe the form is:
>
> $aannnn-aaaaaaaaaaaa
>
> where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing
> 0's in my experience). The netuser utility must return NetBIOS names, but
> in ADUC groups are shown by cn. The "Name" field in ADUC is the Common
> Name (the Relative Distinguished Name).
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>

I have seen this behaviour only since W2k3. This did not happen in Windows
2000 AD. You can use the dsquery command line tool (at a command prompt) to
determine the Distinguished Name of the group. For example:

dsquery group -samid $UJ5000-I64JO6IO1K6I

Or you can use the * wildcard to save typing. For example:

dsquery group -samid $UJ50*

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Phantom AD group called $UJ5000-I64JO6IO1K6I ???? [message #157592 is a reply to message #157588] Thu, 09 July 2009 11:50 Go to previous message
Maurice  is currently offline Maurice
Messages: 67
Registered: August 2009
Member
I managed to dump AD using the command csvde -f ad-dump.csv and searched the
dump for that string and found it under Domain CN=Microsoft Exchange System
Objects and uder there CN = Exchange Install Domain Services

I can't see why one of the attributes for that container appears as a group
in certain views and not others. I could remove the container as it is only
used during the install of Exchange and is for no other purpose. But, I'll
probably leave it as I at least know what it is and it doesn't seem to be a
real problem after all.

Thanks v much.

"Richard Mueller [MVP]" wrote:

>
> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
> message news:%23wJuzHKAKHA.4432@TK2MSFTNGP05.phx.gbl...
> >
> > "Maurice" <Maurice@discussions.microsoft.com> wrote in message
> > news:07B8FDF2-E0A2-4A9D-8CD7-E55B81BF1E62@microsoft.com...
> >> If I run netuser.exe It shows an AD group with the name -
> >> $UJ5000-I64JO6IO1K6I but no users in it. If I open up adsiedit and have a
> >> look around I cannot find this phantom group. It doesn't show in ADUC
> >> either.
> >> Now it may be worth worrying about but if anyone has any clues as to what
> >> this may be or can advise a quick way to search AD to try and find this
> >> name
> >> I'd be obliged.
> >>
> >> Domain is Windows Server 2003 with one server running Server 2008 64bit
> >> with
> >> Exchange 2007.
> >>
> >> A check on event logs on either DC shows no errors/warnings of interest.
> >>
> >> This odd-ball item never used to appear in netuser.exe before, it just
> >> appeared recently.
> >>
> >> Just a bit worried in case there is some strange corruption in AD and I
> >> don't want the sytem coming crashing down around me!
> >>
> >>
> >> Cheers
> >
> > That name looks like the "pre-Windows 2000" name that the system assigns
> > to a group if you do not specify a value for the sAMAccountName attribute
> > when you create the group with code (rather than with the ADUC GUI). The
> > group will have a normal Common Name (the value of the cn attribute), but
> > the NetBIOS name (the "pre-Windows 2000 name", which is the value of the
> > sAMAccountName) will be a crazy string. I believe the form is:
> >
> > $aannnn-aaaaaaaaaaaa
> >
> > where "a" is alphanumeric and "nnnn" is a 4 digit number (with 3 trailing
> > 0's in my experience). The netuser utility must return NetBIOS names, but
> > in ADUC groups are shown by cn. The "Name" field in ADUC is the Common
> > Name (the Relative Distinguished Name).
> >
> > --
> > Richard Mueller
> > MVP Directory Services
> > Hilltop Lab - http://www.rlmueller.net
> > --
> >
> >
>
> I have seen this behaviour only since W2k3. This did not happen in Windows
> 2000 AD. You can use the dsquery command line tool (at a command prompt) to
> determine the Distinguished Name of the group. For example:
>
> dsquery group -samid $UJ5000-I64JO6IO1K6I
>
> Or you can use the * wildcard to save typing. For example:
>
> dsquery group -samid $UJ50*
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>
Previous Topic:Migrate users from Existing Windows 2003 Domain to new 2008 Domain
Next Topic:Advice wanted on setting user permissions - Group policy etc
Goto Forum:
  


Current Time: Fri Oct 20 10:08:12 EDT 2017

Total time taken to generate the page: 0.02715 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software