Cannot Delete former Domain Admin

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Our organization is attempting to delete a user who had domain admin rights
at one time. When we attempt to delete it, we recieve an error saying the
account is built in and cannot be deleted.
Any help would be appreciated
6 answers Last reply
More about cannot delete domain admin
  1. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    In User Manager, make sure their default group is not "domain admins". It
    should be "domain users". "Group" button, lower left corner.

    Ray

    "Jose Valdez" <JoseValdez@discussions.microsoft.com> wrote in message
    news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com...
    > Our organization is attempting to delete a user who had domain admin
    rights
    > at one time. When we attempt to delete it, we recieve an error saying the
    > account is built in and cannot be deleted.
    > Any help would be appreciated
  2. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Don't delete it, Rename it and change the Pwd.
    You should not delete the 'Built in Admin" account as it has all your
    default security.

    --
    Yor Suiris
    Remove the kNOT to reply.
    But it is best to share it with the group.

    "Jose Valdez" <JoseValdez@discussions.microsoft.com> wrote in message
    news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com...
    > Our organization is attempting to delete a user who had domain admin
    > rights
    > at one time. When we attempt to delete it, we recieve an error saying the
    > account is built in and cannot be deleted.
    > Any help would be appreciated
  3. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    In news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com,
    Jose Valdez <JoseValdez@discussions.microsoft.com> commented
    Then Kevin replied below:
    > Our organization is attempting to delete a user who had
    > domain admin rights at one time. When we attempt to
    > delete it, we recieve an error saying the account is
    > built in and cannot be deleted.
    > Any help would be appreciated

    It is much better to rename or disable accounts rather that delete and
    recreate. If the user was using a renamed Built in Administrator account
    rename the account, but not back to Administrator. Administrator is referred
    to as a Well Known Account and is one of the first accounts hackers try when
    they break into a system. The reason is the account cannot be locked out and
    as soon as they hit the password, they are in, with full control of
    everything.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  4. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    You cannot delete built in accounts anyways.

    --
    Scott Harding
    MCSE, MCSA, A+, Network+
    Microsoft MVP - Windows NT Server
    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:ejfK%23oyCFHA.3328@TK2MSFTNGP14.phx.gbl...
    > In news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com,
    > Jose Valdez <JoseValdez@discussions.microsoft.com> commented
    > Then Kevin replied below:
    >> Our organization is attempting to delete a user who had
    >> domain admin rights at one time. When we attempt to
    >> delete it, we recieve an error saying the account is
    >> built in and cannot be deleted.
    >> Any help would be appreciated
    >
    > It is much better to rename or disable accounts rather that delete and
    > recreate. If the user was using a renamed Built in Administrator account
    > rename the account, but not back to Administrator. Administrator is
    > referred
    > to as a Well Known Account and is one of the first accounts hackers try
    > when
    > they break into a system. The reason is the account cannot be locked out
    > and
    > as soon as they hit the password, they are in, with full control of
    > everything.
    >
    > --
    > Best regards,
    > Kevin D4 Dad Goodknecht Sr. [MVP]
    > Hope This Helps
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >
    >
  5. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    In news:urbGR%23UDFHA.2052@TK2MSFTNGP10.phx.gbl,
    Scott Harding <scrockel@NO_SPAM_hotmail.com> commented
    Then Kevin replied below:
    > You cannot delete built in accounts anyways.

    Yes, this is true, however I was making the suggestion that under most
    circumstances, it is better to disable accounts that can be renamed at a
    later date.
    I give all accounts a generic name, then adjust the logon name according to
    the name of the user that is using the account. This works especially well
    for companies with a high employee rollover. Every time you delete an
    account, any explicit permissions on files and directories will still have
    permissions for the deleted account's SID.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  6. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Good point about the SIDs

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:umDrO1eDFHA.1668@TK2MSFTNGP10.phx.gbl...
    > In news:urbGR%23UDFHA.2052@TK2MSFTNGP10.phx.gbl,
    > Scott Harding <scrockel@NO_SPAM_hotmail.com> commented
    > Then Kevin replied below:
    >> You cannot delete built in accounts anyways.
    >
    > Yes, this is true, however I was making the suggestion that under most
    > circumstances, it is better to disable accounts that can be renamed at a
    > later date.
    > I give all accounts a generic name, then adjust the logon name according
    > to
    > the name of the user that is using the account. This works especially well
    > for companies with a high employee rollover. Every time you delete an
    > account, any explicit permissions on files and directories will still have
    > permissions for the deleted account's SID.
    >
    >
    >
    > --
    > Best regards,
    > Kevin D4 Dad Goodknecht Sr. [MVP]
    > Hope This Helps
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >
    >
Ask a new question

Read More

Domain Microsoft Windows