Understanding the search criteria that Active Directory Account Cleanup Wizard uses will help you understand the cleanup process. The wizard searches for two types of search criteria when searching for accounts representing the same object. The wizard matches active user accounts and a disabled user accounts representing the same object, and also matches active user accounts and contact accounts representing the same object.
This method matches the active user's SID attribute
SIDHistory) to the disabled
msExchMasterAccountSid attribute. This search
method results from upgrading a Windows NT 4.0 accounts domain to
Windows 2000 after you install ADC.
When ADC created the disabled user object for the Exchange 5.5
mailbox in Active Directory, the object was given a new SID.
However, ADC also wrote the Windows NT 4.0 SID into an attribute
msExchMasterAccountSid. After the Windows NT
4.0 account was moved as part of the domain upgrade process, the
SID from that account existed in Active Directory.
This method searches by common name or display name attributes
and matches objects with the same name. In this search method, the
displayName attributes are
matched. This search method results from running a connector to a
third-party e-mail system with Active Directory in an Exchange 2000
or Exchange 5.5 organization.
This method also searches by the e-mail nickname or alias
attributes and matches objects with the same nickname or alias. In
this search method, the
SamAccountName(Login ID) attributes are matched.
Running a connector to a third-party e-mail system causes a contact to be created in Active Directory. After the Windows NT 4.0 account was moved to Active Directory as part of the domain upgrade process, a user account was added to Active Directory.
Related TopicsUnderstanding Active Directory Cleanup Understanding Merge Operations Use the Wizard to Search for Duplicate Accounts