Hi Ralph,
I’m following up to check whether the issue has been resolved. If the information provided was helpful, please click "Accept Answer" to help others in the community. Thank you!
Cannot remove stuck work or school account from Windows 11
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 50%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Ralph Gilman
0
Reputation points
Support Request: Stale Work/School Account Cannot Be Removed (Surface Pro 9, Windows 11)
Written by Microsoft AI after 12 hours of trying all online deletes:
Subject:
Cannot remove stale Work/School account (envizz.com) from Windows 11 — persists after all identity stores cleared
This request was written by your AI Support after 12 hours of failures and many reboots.
My goal was:
- to use Gemini AI with many Word and other docs on OneDrive
- Move my account off of GoDaddy to Microsoft direct
- Since I do not need online OneNote access move from a Business to a Personal account.
- The envizz.com account is with Godaddy Business, so I understand it must be deleted to go personal.
- What AI Support s asking next seems dangerous so asking for your support, please - thanks.
Device:
Microsoft Surface Pro 9 (purchased 2024)
Windows 11 (fully updated)
Primary Microsoft Account:
Personal Microsoft Account (not envizz.com)
Summary of the Issue
A stale organizational account (******@envizz.com) remains visible under:
Settings → Accounts → Access work or school
The Disconnect button appears to work, but the account reappears after every reboot.
This is not a normal Azure AD join, MDM enrollment, or Workplace Join scenario.
The device is not joined to Azure AD, not registered, and not MDM‑enrolled.
This appears to be a corrupted or orphaned organizational identity stored outside the standard identity providers.
Symptoms
envizz.com account shows under Access work or school
Clicking Disconnect does nothing (account reappears after reboot)
In netplwiz, the account appears but Remove is disabled
Office apps were removed during troubleshooting
OneDrive/Teams/Office identities removed but issue persists
Diagnostics Already Performed
All standard and advanced identity stores have been checked and cleared:
✔ Credential Manager
All envizz.com, Office16, OneDrive, and SSO_POP credentials removed
✔ dsregcmd
IsDeviceJoined = NO
IsUserAzureAD = NO
IsWorkplaceJoined = NO
dsregcmd /leave produces no output (device not joined)
✔ Registry paths checked
IdentityCRL → no StoredIdentities
IdentityStore → no Logon → IdentityProviders
ProfileList → no AAD/Workplace/OrgId values
Enrollments → no envizz.com entries
AAD cache cleared via PowerShell
✔ PowerShell
Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\AAD | Remove-Item -Recurse -Force
→ Completed successfully, issue persists
✔ Reboots after each step
→ envizz.com account always returns
What I Believe Is Happening
This appears to be a Surface‑level Cloud Domain Join Broker cache or hardware‑bound organizational identity that:
Survives credential removal
Survives registry cleanup
Survives AAD cache reset
Survives dsregcmd
Survives Disconnect attempts
This is consistent with a corrupted identity binding created during initial OOBE or an orphaned CloudDomainJoin token.
This requires engineering‑level identity cleanup or profile reprovisioning.
What I Need
A Microsoft support engineer to:
Confirm whether the device has a hidden or corrupted CloudDomainJoin or WorkplaceJoin record not exposed in the UI
Provide the correct procedure or tool to remove the stale organizational identity
Confirm whether a profile reprovision or identity broker reset is required
Ensure that the device can safely re‑install Office and re‑attach only the personal Microsoft account
Goal
Remove the stale envizz.com organizational identity without wiping the device, and restore normal Microsoft 365 functionality.
Windows for business | Windows 365 Business
3 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 86%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Jason Nguyen Tran 17,840 Reputation points Independent Advisor2026-02-27T03:54:49.3033333+00:00 -
Jason Nguyen Tran 17,840 Reputation points Independent Advisor
2026-02-25T00:07:08.5933333+00:00 Hi Ralph Gilman,
What you’re seeing is consistent with a corrupted or orphaned organizational identity that was bound during the initial setup of the device. In these cases, the “Disconnect” option in Settings doesn’t fully clear the hidden CloudDomainJoin or WorkplaceJoin record. The supported way forward is to reset the account association at the profile level. This can be done by creating a new local or Microsoft profile on the device, migrating your data, and then removing the old profile that contains the stale identity. If you prefer not to rebuild the profile, another option is to perform a repair install of Windows 11, which refreshes the identity broker without wiping your files.
Once the stale account is removed, you can safely re‑install Office and re‑attach only your personal Microsoft account. This ensures that OneDrive, Teams, and Office apps will no longer attempt to authenticate against the envizz.com domain.
You can try the above steps and let me know the outcome. If this answer helps clarify the situation, I’d appreciate it if you could click “Accept Answer” so others with the same issue can find the solution.
Jason.
-
AI answer
2026-02-24T23:09:00.17+00:00 To resolve the issue of a stale work or school account that cannot be removed from Windows 11, you can try the following steps:
- Check for Hidden Accounts: Sometimes, accounts may not be visible in the standard UI. You can use the
dsregcmd /statuscommand to check the device's registration status and see if there are any hidden accounts. - Use PowerShell for Cleanup: Since you've already attempted to clear the AAD cache, ensure that you also check for any lingering identity entries in the registry. You can run the following PowerShell command to ensure all relevant identities are removed:
Make sure to check for any other related registry paths that might store identity information.Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\AAD | Remove-Item -Recurse -Force - Disconnecting the Account: You mentioned that clicking Disconnect does not work. Ensure you are logged in with an account that has administrative privileges when attempting to disconnect the work account.
- Profile Reprovisioning: If the issue persists, you may need to consider reprovisioning your user profile. This involves creating a new user profile and transferring your data to it, which can help eliminate any corrupted settings associated with the old profile.
- Contact Microsoft Support: Since this appears to be a deeper issue related to the Cloud Domain Join or a corrupted identity, it may be necessary to contact Microsoft support for engineering-level assistance. They can provide specific tools or procedures to clean up the identity records.
These steps should help you in addressing the stale organizational identity without wiping your device. However, if the problem continues, reaching out to Microsoft support is advisable for a more tailored solution.
References:
AI-generated content may be incorrect. Read our transparency notes for more information. - Check for Hidden Accounts: Sometimes, accounts may not be visible in the standard UI. You can use the