This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

CryptoPolicy user account(s)

Question
0

Sign in to vote

I just finished installed ADFS. I noticed it created 2 users named CryptoPolicy. They have different GUIDs so having 2 users with the same name is not my question. My issue is I have an automated script that runs every day to add/disable/move user accounts. It looks at the employeeID attribute to determine if it is a staff member or not. The CryptoPolicy users have '365' as an entry in the employeeID attribute. Will I break ADFS if I were to clear this setting?

Monday, February 6, 2017 4:12 PM

Answers

1

Sign in to vote
Those are not users but contact objects.

Do not touch them.

By default only the ADFS service account and the administrators of the domain can read them. So unless your script is running with high privileged (which would be bad anyways) you don't have to worry. Just let them live :)

Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Edited by Pierre Audonnet [MSFT]Microsoft employee Monday, February 6, 2017 11:27 PM
- Marked as answer by strensnick Wednesday, February 8, 2017 2:42 PM
Monday, February 6, 2017 11:27 PM