Remove an Active Directory service account.
Syntax
Remove-ADServiceAccount [-Identity] ADServiceAccount
[-AuthType {Negotiate | Basic}] [-Credential PSCredential]
[-Partition string] [-Server string]
[-Confirm] [-WhatIf] [CommonParameters]
Key
-AuthType {Negotiate | Basic}
The authentication method to use: Negotiate (or 0), Basic (or 1)
A Secure Sockets Layer (SSL) connection is required for Basic authentication.
-Credential PSCredential
A user account that has permission to perform this action.
The default is the current user unless the cmdlet is run from an AD PowerShell provider drive
in which case the account associated with the drive is the default.
"MSAccount64" or "Domain01\MSAccount64" or a PSCredential object.
-Identity ADServiceAccount
An AD service account object, specified with one of the following values.
(The identifier in parentheses is the LDAP provider name for the attribute.)
Distinguished Name
Example: CN=WebAccount,CN=ManagedServiceAccounts, DC=corp,DC=SS64,DC=com
GUID (objectGUID)
Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
Security Identifier (objectSid)
Example: S-1-5-21-3165297888-301567370-576410423-1103
Security Accounts Manager (SAM) Account Name (sAMAccountName)
Example: WebAccount$
The cmdlet searches the default naming context or partition to find the object.
If two or more objects are found, the cmdlet returns a non-terminating error.
This parameter can also get this object through the pipeline or you can set this
parameter to an object instance.
This example shows how to set the parameter to a distinguished name.
-Identity "CN=WebAccount,CN=ManagedServiceAccounts,DC=corp,DC=SS64,DC=com"
This example shows how to set this parameter to a group object instance named "accountInstance".
-Identity $accountInstance
-Partition string
The distinguished name of an AD partition.
string must be one of the naming contexts on the current directory server.
The cmdlet searches this partition to find the object defined by the -Identity parameter.
Examples:
-Partition "CN=Configuration,DC=Europe,DC=Test,DC=SS64,DC=com"
-Partition "CN=Schema,CN=Configuration,DC=Europe,DC=Test,DC=SS64,DC=com"
In many cases, a default value will be used for -Partition if no value is specified.
-Server string
The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
NetBIOS name or Fully qualified directory server name (with or without port number).
Examples: demo.SS64.com demo demoDC02.demo.ss64.com demoDC02.demo.ss64.com:3268
-Confirm
Prompt for confirmation before executing the command.
-WhatIf
Describe what would happen if you executed the command, without actually executing the command.
Remove-ADServiceAccount removes an AD service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the
target computer but still exists in the directory.
The -Identity parameter specifies the AD service account to remove. Identify a service account
by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. Alternatively set the -Identity parameter to a service account object variable, or pass a service account object through the pipeline. For example, from Get-ADServiceAccount.
Note: Removing the service account is a different operation than uninstalling the service account locally.
Remove the service account named 'SS64':
PS C:\> Remove-ADServiceAccount -Identity SS64
Remove all service accounts with names that start with 'SQL':
PS C:\> Get-ADServiceAccount -Filter {Name -like 'SQL*'} | Remove-ADServiceAccount
“If you want to know the end, look at the beginning” ~ African Proverb
New-adServiceAccount - Create a new AD service account.
Set-adServiceAccount - Modify an AD service account.
Uninstall-adServiceAccount - Uninstall an AD service account from a computer.
Remove-adComputerServiceAccount Remove one or more service accounts from a computer.
Active Directory Management Gateway Service - Required to manage AD Domain Services with PowerShell.
docs.microsoft.com - Configure Standalone and Group Managed Service Accounts.