Member of adminstrator group stays as admin even though I removed it. Domain

Ilkin Joseph 1 Reputation point
2021-03-27T20:06:52.75+00:00

Cant remove admin rights for 1 account that was member of domain admins, and restrticted group (built-in admins), it is not a member of aforementioned groups anymore but this account can install and elevate as admin on domain joined comps in what I used it before. new domain joined comps dont recognize him as admin and asks for elevation. Is it some sort of cache or what else? confused(

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,717 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,812 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426K Reputation points MVP
    2021-03-27T21:39:53.877+00:00

    Might clear out Control Panel\User Accounts\Credential Manager

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments
  2. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-03-29T02:28:22.803+00:00

    Hi,
    Try to confirm if the admincount attribute of the user is still remain one, is yes ,change it back to zero .
    When a user / group is removed from a protected group, adminCount attribute value will remain equal to one (1). Also; the owner, ACLs and permission inheritance status (Enabled or Disabled) will remain the same. Change it manually.
    Logout and login in again to refresh the group membership.

    Best Regards,

    0 comments