none
Remove Security Account RRS feed

  • Question

  • In SCCM under Administration > Security > Accounts there is an account listed whose Description says it is used as an "Active Directory group discovery agent" that I am trying to remove. I have made sure that the account is not being used in any of the discovery scopes under "Active Directory Group Discovery." I have even tried removing all discovery scopes and the account still shows up and I am unable to remove it. How can I remove this account? 
    Tuesday, April 14, 2015 4:02 PM

Answers

  • Hi,

    You must directly delete the discovery scope record within the "specify an account".

    Based on my test, you need to recall the name of the old discovery scope and recreate the scope, then remove the account from the scope. The account name will back to Not configured and you can delete it.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Tony Chirillo Monday, April 20, 2015 1:15 PM
    • Marked as answer by jvander1 Thursday, April 23, 2015 1:09 PM
    Monday, April 20, 2015 7:23 AM
    Moderator

All replies

  • This is odd to me, and we use ADGD. Will you post a screen shot? --Tony
    Tuesday, April 14, 2015 4:27 PM
  • Have you checked in the location mentioned here: https://technet.microsoft.com/en-au/library/8b98da46-3204-4393-85fc-4240be1344d2#BKMK_ConfigADDiscGeneral Specify an Active Directory Domain or Location to search: If you selected Groups, specify one or more Active Directory groups to be discovered. If you selected Location, specify an Active Directory container as a location to be discovered. You can also enable a recursive search of Active Directory child containers for this location. Specify the Active Directory Group Discovery Account that is used to search this discovery scope.
    Wednesday, April 15, 2015 2:14 AM
  • Hi,

    When the accout is not being used in SCCM.

    The value of Account Name is "Not configured" then you can delete the account.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 15, 2015 8:54 AM
    Moderator
  • Ahh, he must be referring to the account that is created for the administer that installs SCCM. This one can not be deleted.

    Wednesday, April 15, 2015 4:40 PM
  • Here is a screen shot of the account I am attempting to remove. Under "Account Name" it says, "Active Directory group discovery agent." At one time I did use this account for group discovery but have since removed it. I went through all of the discovery scopes and verified that this account is not being used in any of the scopes.

    Friday, April 17, 2015 7:08 PM
  • Is the actual user name an admin ID of such or is it a resource account? I have a feeling it is the default account that was used to install SCCM, which can't be removed. However, I might be wrong. In my production and test environments the first account listed is such, so I am assumeing that to be the case with your environment. That account can not be deleted. Just not sure why the account name for me shows "not configured" whereas your has something else.
    Friday, April 17, 2015 9:36 PM
  • Hi,

    You must directly delete the discovery scope record within the "specify an account".

    Based on my test, you need to recall the name of the old discovery scope and recreate the scope, then remove the account from the scope. The account name will back to Not configured and you can delete it.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Tony Chirillo Monday, April 20, 2015 1:15 PM
    • Marked as answer by jvander1 Thursday, April 23, 2015 1:09 PM
    Monday, April 20, 2015 7:23 AM
    Moderator
  • Ahh, that makes sense now. No wonder I did not see it a new account in my list of accounts. In my ADGD I am using the site servers computer account. If an account is specified then it will show up.  -Tony
    Monday, April 20, 2015 1:15 PM
  • Hi,

    am also facing same issue, any solution?

    said account not configured in any discovery scope. 

    Tuesday, April 18, 2017 12:28 PM