• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

How to delete builtin user account from active directory

I have some users accounts that are disabled and not sure who created them  but we need to delete them from AD for the auditors. Is there a way to delete these from AD. The server is 2008 R2
These accounts are have like bogus names to them not like administrator or anything like that..
0
vmich
Asked:
vmich
  • 12
  • 6
  • 3
  • +1
1 Solution
 
Larry Struckmeyer MVPCommented:
Please give one or more examples of the "like bogus names".  And what is the auditors objections to "built in accounts"?
0
 
vmichAuthor Commented:
it test
krbtgt

No clue what they were ever used for..
0
 
vmichAuthor Commented:
Also the accounts are listed under the disabled accounts
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Larry Struckmeyer MVPCommented:
Those would not appear to be built in accounts.  If disabled, and you have a system state backup I believe they can be removed.  Disabled accounts have no use and would only be reactivated if the users returned to duty.  

Maybe check their group memberships and see if you can trace down what they might have been used for.
0
 
vmichAuthor Commented:
When I try to delete them it keeps telling me that builtin accounts cannot be deleted. Even tired via adsiedit but no go..
0
 
noxchoGlobal Support CoordinatorCommented:
Built in accounts do not have such names. System or Administrator are built in accounts.
0
 
vmichAuthor Commented:
I know that that's why I don't understand why it is saying I can delete them because they are built in accounts
0
 
Larry Struckmeyer MVPCommented:
Can you move them?
0
 
vmichAuthor Commented:
yes it lets me move them....
0
 
Gabriel CliftonCommented:
Do not delete krbtgt, http://windowsitpro.com/security/q-what-krbtgt-account-used-active-directory-ad-environment
I think the account is disabled by default. Just need to worry about it test.
0
 
vmichAuthor Commented:
Awesome find thanks..
Just need to figure out how to delete the it test account...
0
 
Gabriel CliftonCommented:
Does the IT Test account have any additional information with it like description or user logon name? I have found that you can rename a builtin account.
0
 
vmichAuthor Commented:
No it does not have any description with it but for the login in it says it@xxxxxxxx
where the x'x are is their domain name...
0
 
Gabriel CliftonCommented:
Are you able to go into the properties of the account, go to security, add yourself and give yourself full control, then delete.
0
 
Gabriel CliftonCommented:
Here is a find. A list of all true AD builtin accounts and their SIDs. Check this and see if it was another account renamed / repurposed. http://support.microsoft.com/kb/243330
0
 
vmichAuthor Commented:
You got it right again...
It has the beginning sid number for the administrator account so that is why I can delete it. I guess some one renamed it to it test at some point..
Thanks for all your info..
0
 
vmichAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for vmich's comment #a40368390

for the following reason:

account was an administrator account before found via sid...
0
 
vmichAuthor Commented:
Sorry I clicked on my own instead of yours Clifton for the solution...
How do I change that?
0
 
Gabriel CliftonCommented:
Object, Author states clicked on wrong comment to accept as solution.
0
 
vmichAuthor Commented:
Yes I just sent the moderator the same so that I can resolve this..
Sorry for my screw up
0
 
Gabriel CliftonCommented:
No problem, it happens.
0
 
vmichAuthor Commented:
account was an administrator account before found via sid...
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 12
  • 6
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now