Share via

Site and Services shows GUID in front of the server's name

Sam Na 46 Reputation points
2024-02-25T19:05:04.2233333+00:00

Our hub site in the Active Directory site and services shows one of the servers with the GUID name in front of it. We tried to rename the subject server using the ADSIEdit tool, however, we got an error that the name belongs to the system and could not change it. This was due to a demotion/promotion; however, full metadata cleanup was done, but we are still seeing this behavior. All we need is to fix the CN, distinguished name, and name, but we are unable to perform this using ADSIEdit .
error

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,917 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 39,525 Reputation points MVP
    2024-02-25T19:16:33.33+00:00

    This indicates a replication conflict - you effectively have two instances of the same object. To resolve this issue, you should delete one of them

    As per https://learn.microsoft.com/en-us/answers/questions/101494/all-about-active-directory-cnf-object-finding-vali:

    CNF stands for conflict, it is appended to the common name along with a GUID when a duplicate object exists with the same name.
    For example, object ABC is renamed to be CNF:guid, where "" represents a reserved character, "CNF" is a constant that indicates a conflict resolution, and "guid" represents a printable representation of the objectGuid attribute value.
    This will cause an event ID 12292 to be logged in the system event log on the domain controller. You must clean up Active Directory to resolve this error.

    Following command exmaples can be used to find the CNF dsquery * -filter "(cn=cnf:)" dsquery * forestroot -gc -attr distinguishedName -scope subtree -filter[RETURN]
    "(|(cn=\0ACNF:)(ou=\0ACNF:))" dsquery * forestroot -gc -attr distinguishedName -scope subtree -limit 0 -filter "(name=\0ACNF:)" > CNF_Objects.txt dsquery * -d yourdomain.com -attr distinguishedName -scope subtree -limit 0 -filter "(name=\0ACNF:)" > CNF_Objectstxt

    To remove or rename the CNF,you can do it from the ADSI or ADUC :
    26198-9221.jpg

    Following link for your reference:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727059(v=technet.10)?redirectedfrom=MSDN
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/80538405-488a-4128-ae0c-5624ce616ae4/adsi-edit-cnf?forum=winserverDS

    hth Marcin

  2. Marcin Policht 39,525 Reputation points MVP
    2024-02-26T02:26:17.53+00:00

    Would you mind clarifying why deleting the duplicate object would not work?

    hth Marcin

  3. Marcin Policht 39,525 Reputation points MVP
    2024-02-26T12:16:18.85+00:00

    If you cannot locate the duplicate instance of the object, then, in order to eliminate this issue, consider demoting the DC, cleaning up any stale metadata, and repromoting it back.

    hth Marcin

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.