HPE Community
Operating System - OpenVMS
1828577 Members
2529 Online
109982 Solutions
New Discussion

Remove unknown accounts from AdvSrv group

 
Aaron Sakovich
Super Advisor

‎11-16-2005 06:22 AM

‎11-16-2005 06:22 AM

Remove unknown accounts from AdvSrv group

I've got a global group in Advanced Server that includes users in other domains as members. Some of those users have had their accounts deleted, which leaves me with dangling pointers in the group. For example:

Members: [UR] Account Unknown, [UR] Account Unknown, [UR] Account Unknown,
[US] INTERNAL\Aaron.Sakovich, ...

How do I remove these unassociated SIDs from the command line? There's no "/confirm" qualifier, nor is there a representation shown as to what the SID in question is (not that I'd really want to type in a SID...)

Any ideas?
Aaron
0 Kudos
Reply
4 REPLIES 4
Arch_Muthiah
Honored Contributor

‎11-16-2005 09:05 AM

‎11-16-2005 09:05 AM

Re: Remove unknown accounts from AdvSrv group

Aaron,

I think you have disabled user accounts in your system. Disablbed users is though not permitted to login, it continues to exist in the user accounts list.

Once you REMOVE those accounts, then those accounts should be permanently deleted.

So to remove, first set those accounts to Disabled, using...
MODIFY /flags=disuser

Then delete those account, using...
REMOVE USER

Note:
Each user account is represented by a unique identifier which is independent of the user name. Once the user account is deleted, even creating an identically named user account in the future will not restore access to resources which currently name this user account in the access control list.


Archunan
Regards
Archie
0 Kudos
Reply
Aaron Sakovich
Super Advisor

‎11-16-2005 02:26 PM

‎11-16-2005 02:26 PM

Re: Remove unknown accounts from AdvSrv group

No, the accounts aren't disabled -- they are accounts in another domain that have been deleted.

I know that with a Windows GUI i/f to the user manager, I can see the SID displayed (where the username normally would be) and can remove them from the group that way. However, I don't have the tools available to me now, and need to remove them using the CLI.

Aaron
0 Kudos
Reply
Brad McCusker
Respected Contributor

‎11-16-2005 05:22 PM

‎11-16-2005 05:22 PM

Re: Remove unknown accounts from AdvSrv group

Aaron - I'm 95% certain the solution to this is to use the Windows tools (user manager) to remove those "unknown" members. I vaguely recall looking into burying a way to do this from the CLI into the ADMIN utility, but, it never happened.

Wish I had a better answer - maybe someone else does?
Brad McCusker
Software Concepts International
0 Kudos
Reply
Aaron Sakovich
Super Advisor

‎11-17-2005 02:12 AM

‎11-17-2005 02:12 AM

Re: Remove unknown accounts from AdvSrv group

That's my thinking, too. It would have been nice if you could do a MODIFY GROUP grpnam /REMOVE=*/CONFIRM, but it's kind of a moot point now with AdvSrv's product status.

I've got a PC BDC where I can manage the user accounts from via UltraVNC. I think this is the first instance of something that can actually be done better in the PeeCee GooEee than from the command line on VMS!

Aaron
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.