How to delete builtin user account from active directory

I have some users accounts that are disabled and not sure who created them  but we need to delete them from AD for the auditors. Is there a way to delete these from AD. The server is 2008 R2
These accounts are have like bogus names to them not like administrator or anything like that..
LVL 1
vmichAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Larry Struckmeyer MVPCommented:
Please give one or more examples of the "like bogus names".  And what is the auditors objections to "built in accounts"?
0
vmichAuthor Commented:
it test
krbtgt

No clue what they were ever used for..
0
vmichAuthor Commented:
Also the accounts are listed under the disabled accounts
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Larry Struckmeyer MVPCommented:
Those would not appear to be built in accounts.  If disabled, and you have a system state backup I believe they can be removed.  Disabled accounts have no use and would only be reactivated if the users returned to duty.  

Maybe check their group memberships and see if you can trace down what they might have been used for.
0
vmichAuthor Commented:
When I try to delete them it keeps telling me that builtin accounts cannot be deleted. Even tired via adsiedit but no go..
0
noxchoGlobal Support CoordinatorCommented:
Built in accounts do not have such names. System or Administrator are built in accounts.
0
vmichAuthor Commented:
I know that that's why I don't understand why it is saying I can delete them because they are built in accounts
0
Larry Struckmeyer MVPCommented:
Can you move them?
0
vmichAuthor Commented:
yes it lets me move them....
0
Gabriel CliftonNet AdminCommented:
Do not delete krbtgt, http://windowsitpro.com/security/q-what-krbtgt-account-used-active-directory-ad-environment
I think the account is disabled by default. Just need to worry about it test.
0
vmichAuthor Commented:
Awesome find thanks..
Just need to figure out how to delete the it test account...
0
Gabriel CliftonNet AdminCommented:
Does the IT Test account have any additional information with it like description or user logon name? I have found that you can rename a builtin account.
0
vmichAuthor Commented:
No it does not have any description with it but for the login in it says it@xxxxxxxx
where the x'x are is their domain name...
0
Gabriel CliftonNet AdminCommented:
Are you able to go into the properties of the account, go to security, add yourself and give yourself full control, then delete.
0
Gabriel CliftonNet AdminCommented:
Here is a find. A list of all true AD builtin accounts and their SIDs. Check this and see if it was another account renamed / repurposed. http://support.microsoft.com/kb/243330
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmichAuthor Commented:
You got it right again...
It has the beginning sid number for the administrator account so that is why I can delete it. I guess some one renamed it to it test at some point..
Thanks for all your info..
0
vmichAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for vmich's comment #a40368390

for the following reason:

account was an administrator account before found via sid...
0
vmichAuthor Commented:
Sorry I clicked on my own instead of yours Clifton for the solution...
How do I change that?
0
Gabriel CliftonNet AdminCommented:
Object, Author states clicked on wrong comment to accept as solution.
0
vmichAuthor Commented:
Yes I just sent the moderator the same so that I can resolve this..
Sorry for my screw up
0
Gabriel CliftonNet AdminCommented:
No problem, it happens.
0
vmichAuthor Commented:
account was an administrator account before found via sid...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.