Duplicate User IDs on Domain Controller/AD
Hello all,

Recently we have noticed that there are some user accounts where a duplicate user ID has been created. Any reason for that? Any bug? Examples below:

1)
- DCS_DCPSR100FDC
- DCS_DCPSR100FDCCNF:4bc908f5-67ab-4417-87b3-c8fc4bcb7616

Actually the "logon name" is the same, i.e. DCS_DCPSR100FDC. I guess the full name is DCS_DCPSR100FDCCNF:4bc908f5-67ab-4417-87b3-c8fc4bcb7616. Why is there this duplicate?

2)
- DCS_CURSR051BRS
- DCS_CURSR051BRSCNF:35839ac5-9411-4ade-9d49-62e8da431f37

Please help.
July 14th, 2011 12:24pm

Can you share more info? Is the original user created manually or automated? Is it a service account? What is this account used for? What is the OS on your domains?

Thanks,
Uday Kiran, Senior Consultant
Cyquent Technology Consultants, Dubai
Please mark as answer if it helps you
July 15th, 2011 6:59am

Hello,

if the account contains CNF:guid, as the ones you posted do, you have replication problems or connection problems. These CNF accounts belong to doubly existing accounts where one was created on BOTH DCs without connection between the DCs, and then the DCs are reconnected, for example.

To get an overview of the domain setup, please upload:

ipconfig /all >c:\ipconfig.txt [from each DC/DNS server]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

As the output will become large, DON'T post it into the thread; please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link to it here. Also, the /e in dcdiag scans the complete forest, so better run it on COB.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
July 15th, 2011 7:21am

As Meinolf mentioned, it was a replication conflict. One other possible answer is that the same account was created at two different computers at roughly the same time. Then when the DC used to create each of the accounts attempts to replicate with the other DC, they both realize that they already have that account. One becomes the real account and one is renamed to include the "CNF:GUID" suffix so you don't lose the account entirely.

Is it possible that these accounts were created twice before a replication cycle between domain controllers could complete?

C Shane Cribbs
http://www.georgiatechnologies.com
July 15th, 2011 10:46am
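The renaming described in the replies above produces a recognisable name: the original RDN, a line feed (0x0A), then "CNF:" and the object's GUID. As an added example that is not from any poster in this thread, the sketch below pairs each conflict name with its surviving original in a list of exported names and flags conflicts whose original no longer exists. The function names and the last two sample names are constructed, and it assumes the thread's names appear without the line feed only because the display dropped it.

```python
import re
from collections import defaultdict

# AD builds a conflict name as <original RDN> + LF (0x0A) + "CNF:" + <objectGUID>.
# Assumption: the thread shows "DCS_DCPSR100FDCCNF:4bc9..." as one run because
# the LF was not rendered, so the delimiter is treated as optional here.
CNF_RE = re.compile(
    r"^(?P<base>.+?)\n?CNF:"
    r"(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$",
    re.DOTALL,
)

def split_conflict_name(cn):
    """Return (base_name, guid) for a conflict-renamed CN, else None."""
    m = CNF_RE.match(cn)
    return (m.group("base"), m.group("guid").lower()) if m else None

def pair_conflicts(cns):
    """Map each base name to whether a survivor exists and its CNF GUIDs."""
    report = defaultdict(lambda: {"survivor": False, "conflicts": []})
    for cn in cns:
        parsed = split_conflict_name(cn)
        if parsed:
            report[parsed[0]]["conflicts"].append(parsed[1])
        else:
            report[cn]["survivor"] = True
    # Only names that actually have a conflict object are of interest.
    return {k: v for k, v in report.items() if v["conflicts"]}

# The first four names are the ones quoted in the thread (LF restored in the
# fourth); the last two are constructed for illustration.
SAMPLE_CNS = [
    "DCS_DCPSR100FDC",
    "DCS_DCPSR100FDCCNF:4bc908f5-67ab-4417-87b3-c8fc4bcb7616",
    "DCS_CURSR051BRS",
    "DCS_CURSR051BRS\nCNF:35839ac5-9411-4ade-9d49-62e8da431f37",
    "svc_backup",  # ordinary object, no conflict
    "OLD_HOST\nCNF:00000000-1111-2222-3333-444444444444",  # original is gone
]

if __name__ == "__main__":
    for base, info in pair_conflicts(SAMPLE_CNS).items():
        state = "survivor present" if info["survivor"] else "NO survivor, review first"
        print(f"{base}: {len(info['conflicts'])} conflict object(s), {state}")
        for guid in info["conflicts"]:
            print(f"    CNF:{guid}")
```

Before deleting a conflict object, compare its group memberships and last use with the survivor's, since either copy may be the one that was actually provisioned.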

Agree with both Meinolf and Shane. This is called a "collision".

Visit: anITKB.com, an IT Knowledge Base.
July 15th, 2011 11:21am

Hi,

To find and clean up duplicate security identifiers, you may use Ntdsutil. For the detailed steps, please refer to the following Microsoft KB article:

HOW TO: Find and Clean Up Duplicate Security Identifiers with Ntdsutil in Windows Server 2003
http://support.microsoft.com/kb/816099

Regards,
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 15th, 2011 9:56pm

This topic is archived. No further replies will be accepted.
