Deleted User not removed from GC

  • Question

  • I was wondering if you could help me on an issue I am working on.

    I have a forest named "contoso.com", and a child domain named "child.com". Exchange 2010 is installed in contoso.com, and we have a mailbox enabled for a user in child.com.

    The user account in child.com has been deleted and it was expected that the mailbox will be disconnected, but it hasn't. The mailbox is still up but we cannot disable, move, or edit it.

    When I open ADSI and connect to both LDAP and GC for name space dc=child,dc=com from child.com, the OU entry where the deleted user used to be is no longer there.

    However, when I open ADSI and connect to both LDAP and GC to dc=child,dc=com from contoso.com domain, LDAP does not show the user, but GC does.

    I think this is what Exchange is looking at, but when it tries to enumerate more information about the user in the equivalent domain (child.com), it cannot find it.

    The account has been deleted for several days now but mailbox is still up. Any ideas how to delete records from GC using ADSI?

    I tried connecting to the GC via LDP, but when I delete it, it shows this error. I was expecting it because you cannot edit via the GC port. Does anyone have any idea how to remove stale GC records?

    ldap_modify_s(ld, 'CN=testuser\0ACNF:d98faa83-ba25-426a-8548-7a247ac66e4b,OU=Service Accounts,OU=DY Users,DC=child,DC=com',[1] attrs);
    Error: Modify: Unwilling To Perform. <53>
    Server error: 00002035: LdapErr: DSID-0C090BB7, comment: Operation not allowed through GC port, data 0, v1db1
    Error 0x2035 The server is unwilling to process the request.

    For God, and Country.

    Wednesday, September 18, 2019 12:38 AM

All replies

  • Hi,

    How did you delete the user account? From ADUC?

    How many DCs and GCs are in your organization?

    Does this mailbox still work as a normal mailbox?

    You can use the following command to check and make sure the mailbox is marked as Disabled:

    Clean-MailboxDatabase <db name>
    Get-MailboxDatabase <db name> | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisplayName -eq "DisplayName"} | Format-List DisplayName,DisconnectReason,DisconnectDate

    Use the command to check which DC or GC your Exchange server is using:

    Get-ExchangeServer -status | fl static*,current*


    Please make sure your GC can sync with DCs successfully, and try to force the replication between your DC and GC manually.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, September 18, 2019 6:37 AM
    Moderator
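
The manual ADSI comparison from the question and the GC/DC sync check suggested in the reply above can be scripted. This is an added example, not code from the thread or from any poster; it assumes the ActiveDirectory PowerShell module (RSAT) is available, takes the domain names and `testuser` from the question, and only runs searches.

```powershell
# Added example (read-only searches). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Values taken from the thread; adjust for your environment.
$ForestName   = 'contoso.com'
$OwningDomain = 'child.com'
$SearchBase   = 'DC=child,DC=com'
# Prefix match so conflict-renamed objects ("testuser\0ACNF:<guid>") are found too.
$LdapFilter   = '(&(objectCategory=person)(cn=testuser*))'

function Find-DirectoryObject {
    # $Target is "host" for the domain partition or "host:3268" for the GC view.
    param([string]$Target, [string]$View)
    try {
        Get-ADObject -Server $Target -SearchBase $SearchBase `
            -LDAPFilter $LdapFilter -Properties whenChanged -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Server            = $Target
                    View              = $View
                    ObjectGuid        = $_.ObjectGUID
                    WhenChanged       = $_.whenChanged
                    DistinguishedName = $_.DistinguishedName
                }
            }
    } catch {
        Write-Warning "Search on $Target failed: $($_.Exception.Message)"
    }
}

# Authoritative view: every DC of the owning domain, domain partition.
$writable = Get-ADDomainController -Filter * -Server $OwningDomain |
    ForEach-Object { Find-DirectoryObject -Target $_.HostName -View 'LDAP' }

# Global catalog view (port 3268) on every GC in the forest.
$gc = (Get-ADForest -Identity $ForestName).GlobalCatalogs |
    ForEach-Object { Find-DirectoryObject -Target "$($_):3268" -View 'GC' }

# Objects that a GC still returns but no DC of the owning domain holds.
$liveGuids = @($writable | ForEach-Object { $_.ObjectGuid })
$stale     = @($gc | Where-Object { $liveGuids -notcontains $_.ObjectGuid })

if ($stale.Count -eq 0) {
    'No GC returns an object that the owning domain no longer holds.'
} else {
    $stale | Sort-Object Server |
        Format-Table Server, WhenChanged, DistinguishedName -AutoSize
}
```

A GC that appears in the output while the DCs of the owning domain return nothing is one where the deletion has not been applied to its partial copy of `DC=child,DC=com`.
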
  • Hi Lydia,

    The account was deleted from the ADUC of the child domain. I tried to recreate the issue, but Exchange now behaves normally (disconnecting the mailbox when the AD account is deleted). This seems to be a one-time deal.

    It looks like the mailbox is still up because when I send an email to it, I don't get a bounce.

    I tried running Clean-MailboxDatabase, and no AD replication issue has been observed in dcdiag to all DC/GC. I even tried to run the AD Replication Status tool and no errors were found.

    Any ideas?


    For God, and Country.

    Wednesday, September 18, 2019 10:04 PM
  • Hi,

    We recommend solving the account issue in AD first; then we can focus on the mailbox issue on the Exchange server. You can post a question in the AD forum (Windows Server > Directory Services) to delete this problematic account in the GC. You will get more professional suggestions in the AD forum to clear the user account.

    On the other hand, we can create a transport rule to block messages sent to this mailbox which should be disconnected. You can create a rule like this:

    Hope your issue can be solved soon.

    Regards,

    Lydia Zhou



    Friday, September 20, 2019 2:22 AM
    Moderator
  • Just checking in to see if the above information was helpful.

    If there is anything else we can do for you, please feel free to post in the forum.

    Regards,

    Lydia Zhou



    Wednesday, September 25, 2019 1:19 AM
    Moderator