Removing SharePoint Managed Accounts

By James | 03/29/2013

When removing SharePoint managed accounts, there is a right way and a wrong way ...

The Right Way

  • Use the Central Admin GUI or the "Remove-SPManagedAccount -Identity domain\user" PowerShell cmdlet to delete the managed account
  • Delete the account from Active Directory

The Wrong Way

  • Delete the account from Active Directory before removing the managed account from SharePoint

If the account is removed from Active Directory before being removed from SharePoint, administrative functions that rely on enumerating or manipulating the managed accounts will fail. For example, clicking "Configure service accounts" displays the following error: Some or all identity references could not be translated.

To resolve the issue, the deleted Active Directory account must first be recovered using the LDP tool. Creating a new account with the same name will not work, as the SharePoint managed account is tied to the unique security identifier (SID) of the deleted Active Directory account. The following article explains manually recovering items in Active Directory using LDP: http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm. Once the account has been restored, it can be removed from SharePoint and then removed from Active Directory.
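
The ordering described above can be enforced in a script so the Active Directory deletion only runs after SharePoint has released the account. This is an added example, not code from the original post. It assumes an elevated shell on a SharePoint server with the SharePoint snap-in and the ActiveDirectory module available; the function name and the CONTOSO\svc-sp-old account are hypothetical placeholders.

```powershell
# Added example: remove the SharePoint managed account first, then the AD account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory -ErrorAction Stop

function Remove-ManagedAccountThenADUser {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [string] $Account                    # expected form: DOMAIN\user
    )

    $sam = $Account.Split('\')[-1]

    # The AD object must still exist. If it is already gone, stop here:
    # the account has to be restored before SharePoint can release it.
    $adUser = Get-ADUser -Filter "SamAccountName -eq '$sam'"
    if (-not $adUser) {
        throw "AD account '$Account' not found. Restore it before touching SharePoint."
    }

    # Match on SID rather than name, because the managed account is bound
    # to the SID of the AD object, not to its display or logon name.
    $bySid = { $_.Sid.Value -eq $adUser.SID.Value }

    $managed = Get-SPManagedAccount | Where-Object $bySid
    if ($managed) {
        # Fails (and aborts the function) if services still run as this account.
        Remove-SPManagedAccount -Identity $managed -Confirm:$false -ErrorAction Stop
    }

    # Re-check the farm before deleting anything in AD.
    if (Get-SPManagedAccount | Where-Object $bySid) {
        throw "'$Account' is still registered as a managed account. AD account left in place."
    }

    Remove-ADUser -Identity $adUser -Confirm:$false -ErrorAction Stop
    Write-Output "Removed '$Account' from SharePoint, then from Active Directory."
}

# Usage (placeholder account name):
# Remove-ManagedAccountThenADUser -Account 'CONTOSO\svc-sp-old'
```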

Copyright 2011 - 2024 The Lazy IT Admin | All Rights Reserved