Monday, January 9, 2017

Unable to delete managed user account from Mac


Unable to delete one of the user accounts from system preferences?? Strange 😲!!! isn't it?

Users are like different accounts with their own settings and privileges in OS X system. If you have multiple users for your Mac, you should set up an account for each person so that each can personalize their settings and options without affecting the others. If you are the primary user who manages the computer then you should be an administrator on your Mac.Users are further divided into multiple categories ( Standard, Admin, Managed and Sharing only ) depending upon the rights and privileges assigned to them which are managed from Users and Groups option under System Preferences. You can add or remove a user from Users and Groups under system preferences. However, sometimes if you try to delete an account, the system may become so stubborn and refuses to allow this action, so the account reappears when you next launch the system preferences or it does not allow you to delete one of the accounts at all because the delete button ( a minus sign ) at the bottom of the list of Users stays grayed out even after opening the security lock.One of the such incidents happened to me when I tried to delete one of the managed accounts (Account with parental controls) on my Mac. I was not able to delete the managed user account from my Mac until I did some research and found a solution. Initially I tried to delete it in safe mode and also from terminal but that did not help and the managed user account could not be deleted.
Unable to delete managed user account from Mac
Unable to delete managed user account from Mac
There could be multiple reasons of user account not being deleted. Read through the steps mentioned in this post to learn all possible reasons but the major reason why I was unable to delete managed user account was related to directory Utility. This type of problem generally occurs when the system preferences cannot properly access the system directory or the directory utility, which stores the information used during the authorization phase of Mac OS X login like the user's user identification number (UID), the user's group identification number (GID), the user's home directory and a user's group membership information.

Directory Utility is a local or network database that Apple uses to store configuration information of Users and Policies. It works on LDAP ( Lightweight Directory Access Protocol ) and is very similar to Windows Active Directory. It is found in /System/Library/CoreServices/Directory Utility.app on OS X Maverics ( OS X 10.9 ) or below, while, the Yosemite ( OS X 10.10 ) and above has it in /System/Library/CoreServices/Applications folder. You can also access it from Users and Group under system preferences. Select Login Options down at the bottom and click Join button under Network Account Server then click on "Open Directory Utility".
Open Directory utility if Unable to delete a user account from Mac
Open Directory utility if Unable to delete a user account from Mac

Or you can click on Go at the top menu bar in finder and select Go to Folder... and type the below address:
/System/Library/CoreServices/Applications/Directory Utility.app
Restriction in user deletion may also happen due to file corruption or permissions faults resulting from system software update, restoring the system from Time Machine backup or other major changes in system settings.

If you are experiencing the same problem when trying to remove user accounts on your system or unable to delete one of the user accounts / managed user account, try the following steps. Please follow the steps in the same order as it is written.

Before we start, remember this is an issue where you do not get the option to delete an account due to restriction in terms of permissions so do not confuse this issue with " unable to delete a user account due to home folder not being deleted".

Issue :
(1). When you try to delete a user account through the Users & Group panel in System Preferences the delete button "-" associated with the particular user is grayed out. 

(2). When you delete the user account from system preferences the account is deleted and disappeared from system preferences but comes back as soon as system preferences is re-opened or system is restarted.


Solution :

How to fix restriction in user deletion or if you are unable to delete a managed user account on your Mac?

1). Make sure that you are not trying to delete the same user account, you are logged into.You can't force delete a currently logged in user. Logoff the account if it is logged in and login with other admin account then try to delete the Managed user account and see if it works.If you are still unable to delete, move to the next step.

2). Make sure the user account you want to delete is not the only administrator account. If only one administrator account exists on the computer, you can not delete it, you can either change one of the other accounts to an administrator account or create a new administrator account then delete the old one.

3). Check if you have Fast User Switching enabled, turn it off from Login Options in Users & Groups, also disable auto login. Now try to select the managed user account or the one you wanted to delete. If you are still unable to delete managed or any other user account, move to the next step.
Troubleshoot restriction in a user account deletion from Mac
Troubleshoot restriction in a user account deletion from Mac

4). It might be caused by permission faults. Repair disk permissions using Disk Utility, select the boot volume, and click repair permissions, quit Disk Utility, log out and log back into the admin account, and try again. If you are still unable to delete the user accounts move to the next step.

5).  Enable Root user account: You might want to logon as root and delete the affected user account or managed account as root account has a special privilege that it can delete any user or its associated files. In order to logon as root, you must first enable the root account. Select the Login Option in Users & Groups applet in system preferences > Click on Join button > Click Open Directory Utility > Click on the Edit menu and select " Enable Root User" > Enter a new password for the Root User and confirm it.
Enable root if unable to delete managed user account from Mac
Enable root if unable to delete a user account from Mac
Now logout from the current user and select Others at login screen to logon with root user by entering the username as root and the new password that you just reset.
Enable root if unable to delete a user account from Mac
Enable root if unable to delete a user account from Mac
Once you are logged in as root, go to the Users & Groups under system preferences and try to delete the affected user account or the managed user account and see if it works. It you are still unable to delete the account move to the next step.

6). Create a third user account with admin privilege. Login with the new administrator and try to delete the affected user account. Many users have reported to fix this restriction in user account deletion by using new administrator account.Creating a new user account on the affected system may fix problems with the directory, as this will write a new node to the directory and perhaps enforce the default permissions and policies for the system to access it properly. Move to the next steps it you still have restriction in user account deletion.




7). Delete the user account from Directory Utility : For decades,Apple has been using Directory Utility to store Users database. It used to be known as Netinfo Manager ( Located under /Application/Utilities/) until Mac OS X Tiger (Ver. 10.4) and with the release of  Mac OS X Leopard (version 10.5), Apple replaced it with Directory Utility and moved it to /System/Library/CoreServices/Directory Utility.app up until OS X Maverics ( OS X 10.9 ) and with the release of  Yosemite ( OS X 10.10 ), Apple moved it again to /System/Library/CoreServices/Applications folder. Also along with the elimination of Netinfo Manager app, the command line "ni" to manage directory services was replaced with "dscl". Directory Utility can directly edit any user's database, remove any user account or change its properties. You can also use dscl ( Directory Services Command Line) to access the database and change or delete any user account properties. So alternatively, bypass the system preferences when you are unable to delete a managed user or any other user account, and instead use the Directory Utility tool.

Open Directory Utility from Users & Groups in System Preferences as mentioned in step 5. Or you can click on Go at the top menu bar in finder and select Go to Folder... and type the below address:
/System/Library/CoreServices/Applications/Directory Utility.app
Use directory Utility to delete a user account from Mac
Use directory Utility to delete a user account from Mac
Once the Directory Utility app is opened, click on the Directory Editor on the top. Open the security lock by providing the administrator password, select Users under Viewing option and /Local/Defaults under "in node" option, now select the user account you want to delete, and Click on the Edit menu and select>Delete. Be very careful and don't delete any other user account or you could really screw things up. Hawdive.com will not be responsible for any screw-ups.
Use directory Utility if Unable to delete a user account from Mac
Use directory Utility if Unable to delete a user account from Mac

Alternatively, You can use Terminal command for Directory Services to Delete a User Account
Type the following command to list all users.

$ sudo dscl . list /Users

A dot in the above command refer to the local Directory Services. This command will list all the users including hidden system accounts for running various services. Note down the short name of the account you are unable to delete.

Delete the account
With the account name confirmed, type the following command in the Terminal to delete the account directory entry from your system:

sudo dscl . -delete /Users/Account_name

In this command, replace the word "Account_name" with the account name you found and confirmed in above step.After the account is deleted, the user's home folder will still be on the disk in the /Macintosh HD/Users directory. At this point you can simply delete the directory to fully remove all items that were associated with the removed account.

8). You may not be able to delete a manged or other user account also because your account does not have permissions or rights on other account's files or folder. if that is the case you will need to take the ownership of their files and folder. you can use BatChmod ( a utility for manipulating file and folder privileges in Mac OS X) or manual command lines to take the ownership.

Type the following command to take the ownership of all the files and folder of the affected user. Just replace Your_Account_Name to your own short user account name and Affected_UserName to the short name of affected user account or managed account.
> Sudo chown Your_Account_Name:Staff /Users/Affected_UserName/*

Now reboot your Mac and try to delete the user account using any of the above methods and do let me know whether you are able to delete the user account or not.

9. You may not be able to delete a user account if it was used to turn the filevault on for encrypting the hard drive. So every time you restart the computer you will have to first decrypt the hard drive using the same account before you can login to any other user account. Turn the filevault Off first before you can delete the affected account.

*******End of the Article********

incoming search term
unable to delete user account, restriction in user deletion on mac, unable to delete managed user account,change managed account to admin mac,how to delete a stubborn user account on mac, dierectory utility,BatChmod
Reactions:

0 comments:

Post a Comment