Hidden user in Windows Server 2008 R2


  • Hi all, hope you all are doing great.

    I need help please. An audit was carried out on my Windows Server 2008 R2 and it revealed a user account that was set never to expire. The user does not appear on the Active Directory users list, but appears whenever the code below is executed via command prompt.

    CSVDE -f AUDIT_USERS.csv -r objectClass=user -l "DN, SAMAccountName, whenCreated, objectclass, givenName, sn, name, maxPwdAge, accountExpires, lastLogon, lastLogonTimeStamp, whenChanged, pwdLastSet, lockoutDuration, lockoutThreshold, memberOf, primaryGroupID, logonCount, userAccountControl"

    I need to delete that user. Please help.

    Thank you

    Friday, April 7, 2017 8:43 AM

All replies

  • Hi,

    Using dsrm:

    Best regards,



    Monday, April 10, 2017 8:41 AM
  • Also, you can delete it using ADSI. For that, open ADSIEdit.msc (Start > Run > adsiedit.msc) on the domain controller. Navigate to where the user is, right-click his name and do the needful.
    Monday, April 10, 2017 11:56 AM
  • Your csvde command documents the distinguished name of this user. That should show you exactly where in Active Directory the user object is located. Do you mean you cannot see the user even when you look in the organizational unit or container indicated by the distinguished name? How do you get your user list? Do you use a script, and if so, can you post the script (or command line)?

    It is possible the user name starts with a space, or some other character you don't see, so that it does not appear in the order you expect. Or your account may have been denied permissions to view the object.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, April 10, 2017 3:52 PM
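
The checks suggested in the last reply, as an added example that is not part of the original thread: it reads a csvde export, takes each object's parent container from the DN, and flags names with leading, trailing or non-printing characters as well as accounts or passwords set never to expire. The function names are hypothetical, the sample rows are constructed, and the column names are assumed to match the attributes requested in the question's csvde command.

```python
import csv
import io
import re

NEVER = {"0", "9223372036854775807"}  # accountExpires values that mean "never"
DONT_EXPIRE_PASSWORD = 0x10000        # userAccountControl bit: password never expires

# Constructed sample in the layout of a csvde export (not data from the thread).
SAMPLE = r'''DN,sAMAccountName,name,accountExpires,userAccountControl
"CN=Alice Example,OU=Staff,DC=example,DC=test",alice,Alice Example,131400000000000000,512
"CN=\ svc_old,CN=Users,DC=example,DC=test",svc_old," svc_old",9223372036854775807,66048
"CN=Smith\, Bob,OU=Staff,DC=example,DC=test",bsmith,"Smith, Bob",0,512
'''

def parent_container(dn):
    """Return the DN of the container holding the object.

    Splits at the first comma that is not backslash-escaped, so an RDN such
    as 'CN=Smith\\, Bob' stays in one piece.
    """
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def audit(csv_text):
    """Return one finding per exported object that needs a closer look."""
    findings = []
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Header case can differ between exports, so compare in lower case.
        row = {k.lower(): (v or "") for k, v in raw.items()}
        reasons = []
        for field in ("samaccountname", "name"):
            value = row.get(field, "")
            # Names like these sort unexpectedly or look blank in a listing.
            if value != value.strip() or not value.isprintable():
                reasons.append(f"{field} has hidden characters: {value!r}")
        if row.get("accountexpires", "").strip() in NEVER:
            reasons.append("account never expires")
        if int(row.get("useraccountcontrol") or 0) & DONT_EXPIRE_PASSWORD:
            reasons.append("password never expires")
        if reasons:
            dn = row.get("dn", "")
            findings.append({"dn": dn, "container": parent_container(dn),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["container"], "<-", finding["dn"], finding["reasons"])
```

To run it against a real export, pass the text of AUDIT_USERS.csv to `audit()` in place of `SAMPLE`.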