Remove users that don't exist anymore

Nick Loenders 51 Reputation points
2023-01-19T14:26:19.0066667+00:00

Hi, we have a Microsoft / Office 365 tenant and control our users in there. The laptops are deployed via Endpoint Manager and, the first time, installed and logged in with the global administrator of the tenant, so the laptop is joined to the domain in Endpoint Manager (Intune) and that global admin is at that moment the local admin of the laptop.

So when a normal user account logs in to the laptop afterwards, he/she cannot install anything without the administrator entering his PIN code in the UAC prompt.

However, laptops are sometimes passed on to new users when the users retire. The accounts are then deleted in Microsoft 365, but on the laptop these accounts still exist. You can remove them from the c:\users folder, but that is it.

That is all fine.

But when like 10 users have had the laptop in use, these 10 users are still seen when the admin window pops up to enter the PIN code when needed to install a program. Not all programs or edits are done by Intune yet....

Now, how can I remove those users from that window?

Window example:

User's image

So here it is only Nina and the admin account.

But what if besides Nina, there were more (older) users... ?


3 answers

  1. Nick Loenders 51 Reputation points
    2023-01-23T10:09:15.6133333+00:00

    Hi, yes I could wipe the device. But then I would have to re-add it again to the domain/tenant.

    Of course this is the cleanest way. But it is a little overkill, as it is just another user using the same laptop. Everything is fine with the laptop. I just want to remove the users that are not using the laptop anymore OR do not exist anymore.

    I could try using "net user USERNAME /delete" but I don't know if the system even knows the user, as it is not just a local user (I would guess). I'll try as soon as I can get my hands on a system.

  2. Limitless Technology 45,181 Reputation points
    2023-01-23T08:40:49.25+00:00

    Hello there,

    Are these users given local admin rights?

    By using the Retire or Wipe actions, you can remove devices from Intune that are no longer needed, being repurposed, or missing. Users can also issue a remote command from the Intune Company Portal to devices that are enrolled in Intune.

    Remove devices by using wipe, retire, or manually unenrolling the device https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe

    This article explains how to remove an orphaned device in Intune if its owner has been deleted from Azure Active Directory (Azure AD). https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-management/orphaned-device-upn-shown-as-none

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–

  3. Jordi Rojas 271 Reputation points
    2023-01-19T16:59:05.5033333+00:00

    The correct procedure to transfer and reuse the old computer would be to refresh the computer before delivering it to the new user.

    You can use Intune/MDM to accomplish the task or execute it manually (refreshpc /cleanpc) and use Autopilot to execute ESP with new settings configured for the new user.

    If you only want to keep the old user's account from appearing, you can delete it with the "net user USERNAME /delete" command (scripted or manually).
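
The PowerShell below is an added example, not code from any participant in this thread. It lists the non-system user profiles still cached on a laptop and flags those whose SID no longer resolves or that have not been used within an assumed threshold; the function name `Get-StaleProfile`, the `UnusedDays` default and the `Keep` list are assumptions, and the thread does not establish whether removing a profile also clears the name from the elevation prompt.

```powershell
# Added example: audit cached user profiles on a reassigned laptop.
# Run in an elevated PowerShell session on the device itself.
function Get-StaleProfile {
    param(
        [int]$UnusedDays = 90,        # assumed threshold, adjust to your policy
        [string[]]$Keep = @()         # account names that must never be flagged
    )

    $cutoff = (Get-Date).AddDays(-$UnusedDays)

    Get-CimInstance -ClassName Win32_UserProfile |
        # Skip system/service profiles and anyone currently signed in.
        Where-Object { -not $_.Special -and -not $_.Loaded } |
        ForEach-Object {
            # Try to map the profile SID back to an account name.
            # Accounts deleted from the directory may no longer resolve.
            try {
                $sid  = [System.Security.Principal.SecurityIdentifier]::new($_.SID)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '<unresolved>'
            }

            # LastUseTime is only a hint; review the report before removing.
            $unused = (-not $_.LastUseTime) -or ($_.LastUseTime -lt $cutoff)

            [pscustomobject]@{
                Account     = $name
                SID         = $_.SID
                LocalPath   = $_.LocalPath
                LastUseTime = $_.LastUseTime
                Stale       = ($Keep -notcontains $name) -and
                              (($name -eq '<unresolved>') -or $unused)
                Profile     = $_     # kept so the caller can pass it on
            }
        }
}

# 1) Report only: nothing is changed.
Get-StaleProfile | Format-Table Account, SID, LocalPath, LastUseTime, Stale

# 2) Dry run of the removal: -WhatIf prints what would be deleted.
#    Drop -WhatIf only after the report has been checked.
Get-StaleProfile | Where-Object Stale | ForEach-Object {
    Remove-CimInstance -InputObject $_.Profile -WhatIf
}
```

Removing the `Win32_UserProfile` instance deletes the profile folder under `c:\users` together with its profile registration, which deleting the folder by hand does not do.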