Sign in with
Sign up | Sign in
Your question

Cannot Delete former Domain Admin

Last response: in Windows 2000/NT
Share
Anonymous
February 1, 2005 8:29:01 AM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Our organization is attempting to delete a user who had domain admin rights
at one time. When we attempt to delete it, we recieve an error saying the
account is built in and cannot be deleted.
Any help would be appreciated

More about : delete domain admin

February 1, 2005 1:48:53 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

In User Manager, make sure their default group is not "domain admins". It
should be "domain users". "Group" button, lower left corner.

Ray

"Jose Valdez" <JoseValdez@discussions.microsoft.com> wrote in message
news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com...
> Our organization is attempting to delete a user who had domain admin
rights
> at one time. When we attempt to delete it, we recieve an error saying the
> account is built in and cannot be deleted.
> Any help would be appreciated
Anonymous
February 2, 2005 6:23:22 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Don't delete it, Rename it and change the Pwd.
You should not delete the 'Built in Admin" account as it has all your
default security.

--
Yor Suiris
Remove the kNOT to reply.
But it is best to share it with the group.

"Jose Valdez" <JoseValdez@discussions.microsoft.com> wrote in message
news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com...
> Our organization is attempting to delete a user who had domain admin
> rights
> at one time. When we attempt to delete it, we recieve an error saying the
> account is built in and cannot be deleted.
> Any help would be appreciated
Related resources
Anonymous
February 4, 2005 11:27:26 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

In news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com,
Jose Valdez <JoseValdez@discussions.microsoft.com> commented
Then Kevin replied below:
> Our organization is attempting to delete a user who had
> domain admin rights at one time. When we attempt to
> delete it, we recieve an error saying the account is
> built in and cannot be deleted.
> Any help would be appreciated

It is much better to rename or disable accounts rather that delete and
recreate. If the user was using a renamed Built in Administrator account
rename the account, but not back to Administrator. Administrator is referred
to as a Well Known Account and is one of the first accounts hackers try when
they break into a system. The reason is the account cannot be locked out and
as soon as they hit the password, they are in, with full control of
everything.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 7, 2005 3:58:35 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

You cannot delete built in accounts anyways.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ejfK%23oyCFHA.3328@TK2MSFTNGP14.phx.gbl...
> In news:E3658DB1-51AF-4619-B817-C204F94D0E8D@microsoft.com,
> Jose Valdez <JoseValdez@discussions.microsoft.com> commented
> Then Kevin replied below:
>> Our organization is attempting to delete a user who had
>> domain admin rights at one time. When we attempt to
>> delete it, we recieve an error saying the account is
>> built in and cannot be deleted.
>> Any help would be appreciated
>
> It is much better to rename or disable accounts rather that delete and
> recreate. If the user was using a renamed Built in Administrator account
> rename the account, but not back to Administrator. Administrator is
> referred
> to as a Well Known Account and is one of the first accounts hackers try
> when
> they break into a system. The reason is the account cannot be locked out
> and
> as soon as they hit the password, they are in, with full control of
> everything.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
Anonymous
February 8, 2005 11:48:50 AM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

In news:urbGR%23UDFHA.2052@TK2MSFTNGP10.phx.gbl,
Scott Harding <scrockel@NO_SPAM_hotmail.com> commented
Then Kevin replied below:
> You cannot delete built in accounts anyways.

Yes, this is true, however I was making the suggestion that under most
circumstances, it is better to disable accounts that can be renamed at a
later date.
I give all accounts a generic name, then adjust the logon name according to
the name of the user that is using the account. This works especially well
for companies with a high employee rollover. Every time you delete an
account, any explicit permissions on files and directories will still have
permissions for the deleted account's SID.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 8, 2005 7:19:35 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Good point about the SIDs

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:umDrO1eDFHA.1668@TK2MSFTNGP10.phx.gbl...
> In news:urbGR%23UDFHA.2052@TK2MSFTNGP10.phx.gbl,
> Scott Harding <scrockel@NO_SPAM_hotmail.com> commented
> Then Kevin replied below:
>> You cannot delete built in accounts anyways.
>
> Yes, this is true, however I was making the suggestion that under most
> circumstances, it is better to disable accounts that can be renamed at a
> later date.
> I give all accounts a generic name, then adjust the logon name according
> to
> the name of the user that is using the account. This works especially well
> for companies with a high employee rollover. Every time you delete an
> account, any explicit permissions on files and directories will still have
> permissions for the deleted account's SID.
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
!