SCCM User account Relacement
In my infrastructure we have 1 only user account say “Bob” which has full administrative rights and also domain admin which is also used to setup config mgr.
We have now created 2 another users “Alex1” and “Alex2”, i need to remove all the dependency of this user “Bob” from SCCM.
Please guide what all steps needed to be taken care of additon of 2 new users from DB, AD level and SCCM point of view.
Answers ( 5 )
Any update on this… are you able to fix the issue?
Apart from above changes suggested by karthikeyan and guru vaidya
We also need to make following changes –
We also need to configure or replace access account privillages for client push installation, network access account, Active directory discovery acount , config mgr reporting service account etc and all the roles configured with previous id.
I will definatley share a blog once i successfully replace the user admin account and share the same in blog post
For new 2 users. You need to get any access from AD level.
for AD level – nothing required
for SCCM DB level – 2 new users should have DB sysadmin privilege
for SCCM – 2 new users should have full administrator privilege using RBAC
both accounts should have administrator on those sccm server.
But what about accounts tab under security.
I am unable to remove that old id as it is installation account of sccm server.
Will that make some trouble if i remove admin privileges of old id.
List what permissions and security role is listed for user Bob in SCCM.
Use RBAC option to configure or replicate the same permissions for other two users.
Also on SQL – check the roles / permissions and replicate the same for other two users.
I do not see a real requirement on AD side however it depends on like is you are using AD groups for deployment and user only user Bob has access to modify the AD groups then you may need to do the same for other users as well.