locked
CryptoPolicy user account(s) RRS feed

  • Question

  • I just finished installed ADFS. I noticed it created 2 users named CryptoPolicy.  They have different GUIDs so having 2 users with the same name is not my question.  My issue is I have an automated script that runs every day to add/disable/move user accounts.  It looks at the employeeID attribute to determine if it is a staff member or not.  The CryptoPolicy users have '365' as an entry in the employeeID attribute.  Will I break ADFS if I were to clear this setting?
    Monday, February 6, 2017 4:12 PM

Answers

  • Those are not users but contact objects.

    Do not touch them.

    By default only the ADFS service account and the administrators of the domain can read them. So unless your script is running with high privileged (which would be bad anyways) you don't have to worry. Just let them live :)


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Monday, February 6, 2017 11:27 PM