So recently I've been trying to fix an issue that was preventing me from copying existing user accounts. You'd get to the final step and click finish and be rewarded with an error box stating: Windows cannot create the object such and such because: The parameter is incorrect.
As it turns out, this error is caused by bad data in one of the user Attributes. The good news is that it can be fixed, the bad news is that it may require some perseverance to find it. The following steps and screenshots were done on a Win2k8 controller so some things might look different. The user and computers MMC is currently in 'advanced' mode (View-> Advanced Features)
Open up a known good user that you can copy and on another window or another dc open up the problem user. Go to the Attributes Tab and set the Filter in the bottom right to "Show only attributes that have values" and repeat in the other window. (That is unless you like spending LOTS more time doing this). This will narrow the search down considerably.
Now do a side by side comparison and look for values that either exist in only one user or that look odd.
In my case, when I went to Edit the msRADIUSCallbackNumber attribute, I found that it had garbage in it. Just hit the Clear button and OK out.
After I torched the msRADIUS values on mine, I was able to copy the user without any problems. And due to a shortage of time, I didn't get around to writing a powershell script to dump it out to excel but maybe if I get bored one day...
Thursday, September 25, 2008
Subscribe to:
Post Comments (Atom)
14 comments:
Thanks for posting your information to this site. We were encountering the same issue while copying a user. I have compared info though ADSIEdit but have yet to find the bad data. Fortunately you have at least taught me where to look.
Regards
Good post. Probably saved me hours and hours of troubleshooting this. In my case it was also the msRadiusCallbackNum. Clearing it resolved issue. I will also note, that I noticed that copying "newer" user accts (say within the past 6 months) had no issues being copied. It was the "old" accts, people that have been here for years, would not copy. Each one was msRadius related.
I had same issue. I did not have 2008 AD controller to edit atributes, so on another post and using your hint, I assumed it was indeed a msRADIUScallback number problem. In 2003, it was under Properties > Dial-In > Call Back Options. Even though we had this set to No Callback, AD must of had a value in there. I created a fake callback number and saved it and then set is back to "No Callback" and saved again.That fixed it like the above solution and Iwas then able to copy a user.Pmac
Thanks for your help, i got the exact same issue. Do you know why this happen? Could it be an issue with the version of the users and computers AD snapin that we use? I got an 2003/2008 environment with some Win7 computer.
I think it was legacy garbage left over from some older installation that had modified the AD users. Prior to having dedicated test environments, we had tested products like live communications server and remote access solutions and any one of them could have left residue like this.
We had the exact same issue. As everyone else stated, left over garbage from the legacy DC's that copied over with the migration to the new DC's. This was a huge help.
Thanks!
Austin
I know this post is old, but it still helping folks out. In my case it was msRadiusCallbackNum set to nothing and had to clear it to and it worked. Thanks.
Same issue here (msRadiusCallbackNum).
Thanks!
Thank you very much, this issue seems to still be relavant in 2015 on Windows Server 2012r2
had the exact same issue, and cleared the msRadiusCallbackNum and worked like a charm.
Same here. As someone stated earlier, "this post is old but still helping people out." It was exactly what I needed in 2012 R2 environment.
Had the exact same issue, and cleared the msRadiusCallbackNum and worked like a charm.
Good post, Radius Atribute was the issue for me as well.
Thank you so much for this blog! I am new to IT and when I ran into this error, I had a pucker moment. When I started going through the original attributes of the user I wanted to copy, there were several entries that showed actual garbage (diamonds, non-text) in the fields. I ignored those and went straight to the msRADIUS entry described in the article. It was blank, didn't have in the field. I opened it and cleared it anyway and afterwards, I was able to copy this account to create a new user. Thanks again!
Post a Comment