‘protected’ is a custom user object attribute i did add.
On a machine some users are always logged on with temorarary profiles only? Go to this machines registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList Check the names + note the SIDs (!) + and delete these candidates. Then go to HKEY_USERS and delete the corresponding SIDs branches.
Setting some user branch rules for specific users on specific machines only. Forget old school loopback mode – use WMI Filtering instead. Create a WMI Rule. Syntax is like select * from Win32_ComputerSystem where ( Name like ‘MACHINE%’ or Name = ‘SERVERX’) and (UserName like ‘mueller%’ or Username = ‘meier’ ) You MUST (!!!) add […]
OBJECT2DELETE=Workstation03 ldbdel -H $SAMBA_LDB “$(ldbsearch -H $SAMBA_LDB “(sAMAccountName=$OBJECT2DELETE)” dn | grep -v ‘^#’ | head -n 1 | grep ‘dn:’ | sed ‘s|dn:\ ||’ | grep ‘DC’)”