SCCM User account Relacement

Question

Hi,

In my infrastructure we have 1 only user account say “Bob” which has full administrative rights and also domain admin which is also used to setup config mgr.

We have now created 2 another users “Alex1” and “Alex2”, i need to remove all the dependency of this user “Bob” from SCCM.

Please guide what all steps needed to be taken care of additon of 2 new users from DB, AD level and SCCM point of view.

Thanks!

 

Answers ( 5 )

  1. Any update on this… are you able to fix the issue?

      0
      2020-06-20T13:55:34+05:30

      Apart from above changes suggested by karthikeyan and guru vaidya

      We also need to make following changes –
      Under Security>Accounts
      We also need to configure or replace access account privillages for client push installation, network access account, Active directory discovery acount , config mgr reporting service account etc and all the roles configured with previous id.

      I will definatley share a blog once i successfully replace the user admin account and share the same in blog post

    1
    2020-06-16T06:00:04+05:30

    Hi,

    For new 2 users. You need to get any access from AD level.

    for AD level – nothing required
    for SCCM DB level – 2 new users should have DB sysadmin privilege
    for SCCM – 2 new users should have full administrator privilege using RBAC
    both accounts should have administrator on those sccm server.

    Thanks
    Karthik

      0
      2020-06-16T06:19:58+05:30

      But what about accounts tab under security.
      I am unable to remove that old id as it is installation account of sccm server.
      Will that make some trouble if i remove admin privileges of old id.

    1
    2020-06-15T05:30:58+05:30

    List what permissions and security role is listed for user Bob in SCCM.

    Use RBAC option to configure or replicate the same permissions for other two users.

    Also on SQL – check the roles / permissions and replicate the same for other two users.

    I do not see a real requirement on AD side however it depends on like is you are using AD groups for deployment and user only user Bob has access to modify the AD groups then you may need to do the same for other users as well.

    Best answer

Leave an answer

Sorry, you do not have permission to answer to this question .