Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2002: Duplicated AD users added to zone with string like “CNF:123….” in UNIX name

Authentication Service ,  

12 April,16 at 11:45 AM


Some AD users were added to the zone twice and the unix name of duplicated user entry is appended with “CNF:123….”. For example:

User       UNIX name
John       John
John       John CNF:123a3e2a5-1824-47c4-a0d6…


“CNF: <a hash number>” is appended by AD whenever it detects a conflict in the name for the newly created objects.

For example, there are two domain controllers, DC1 and DC2 in AD.  A new user object called “John” is created on DC1 and immediately another new user object is created on DC2 with the same name “John”.

When DC1 and DC2 start to replicate, they will detect two conflicting objects.  AD will rename the one created with the later timestamp by appending “CND:<GUID>” to its name. GUID is an unique identifier that is guaranteed to be unique and will prevent any future conflicts. 


Simply delete the later object, i.e. the one which has “CNF:GUID” in UNIX name.