Can't delete admin user in High Sierra

I hope to be able to solve this issue for you and it seems to stem (in my case anyway) from using migration assistant. If you install the new operating system, create a new user account and login and then migrate there seems to be some sort of conflict. Quite what that conflict is I am not sure but I think it relates to the UID/USER ID and password.

You could try this and let me know if it works for you to help anyone else should they run into this issue.

1. LOG OUT of all accounts.

2. LOG IN to the account you wish to delete.

3. CHOOSE SYSTEM PREFERENCES>USERS & GROUPS

4. Click the Padlock and Authenticate.

5. Choose the account in the list that YOU WISH TO KEEP. Remember you should be currently logged into the account you wish to delete.

6. Click CHANGE PASSWORD and change the password of the account which you wish to keep to something else other than that which you were using.

7. LOG OUT of the account.

8. LOG BACK IN to the account you wish to keep with your new password.

9. GO BACK TO SYSTEM PREFERENCES>USERS & GROUPS, click the padlock, authenticate and hopefully when you click on the account you wish to delete the minus symbol will be available and you can simply remove the account.

10. Change your password back to your usual password if thats what you want to do.

Again please do let people know if this works to help others with the same issue. Similarly if it doesn't work for you please also let post and let people know.

Good luck and hopefully this will do the trick for you and any other people running into this issue.

All the best. 😉

Stefan

I was having the same problem, but did find a solution at this site:

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

The only way that worked for me was with option #7 using Directory Utility. The only change from the instructions on the site is that when it says you go to Edit - Delete Account you actually just need to click on the little minus sign at the bottom of the list. Also the list contains a bunch of stuff you're not suppose to delete so make sure you just scroll through the list and find the Username to the admin account you want to delete. After I deleted the account I was having issues with I just logged out and it was gone!

Hey, i had same problem, but i fixed now.

First thing first, you need to login with the user that OSX have been installed, and allow the user that you want to remain to decrypting your hard disk. After that, just log out, login with your user, and delete the old user account.

If my english it's not to good, here it's the link and paragraph where I find this solution

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

9. You may not be able to delete a user account if it was used to turn the filevault on for encrypting the hard drive. So every time you restart the computer you will have to first decrypt the hard drive using the same account before you can login to any other user account. Turn the filevault Off first before you can delete the affected account.

Not sure if this will help, however, after spending a lot of time searching the Apple forums for the answer for wanting to delete an Admin in MacBook Air. Not sure, but am assuming it will work for Pro as well. It actually is quite simple. Hope this helps.

If you have 2 Admin accounts and you are wanting to delete one:

First, you must restart your computer so that your Login page pops up showing both Admin avatars.

Both Admins are going to appear and will have red check marks under them. (This is why skipping this step will only bring you to the "grayed box" in Users and Groups). MAC thinks both are in use.

Uncheck to Admin you wish to delete.

Now go to Apple Menu>System Preferences>Users & Groups>Unlock the padlock down at the bottom left of the screen>Since the Admin is now not in use you will see it is black>Click on it>Go to the bottom of the page and click on the minus sign ➖ to remove it.

I then restarted my computer so changes would be sure to take effect.

Once again, I hope this helps someone having the same issue, if not, please disregard.

I managed to remove initial the user account i've created before migration, with these steps (might i add this is a really barbaric method):

Check which user account is the main crypto user of your disk, just to be sure.

1. Open Directory Utility, Authenticate with admin user and under "Edit" enable root, and set password for it.
2. In Directory editor find your initial user account, copy, and then change a digit in its GeneratedUID.
3. Find your migrated user account, and replace its GeneratedUID with the initial account's.

After this step, you need to go to back to terminal, and update your pre boot volume: diskutyl apfs updatepreboot [main boot container (disk1s1).

If all goes well, you should see the line: Correlated APFS crypto user with with Open Directory User (UUID) aka "migrated user"

After that, you should be able to remove the initial user account from Directory Utility.

Hello,

I came across the same problem and was about to use PepeMac suggestion, then I tried again to delete the original account, but waited about 2 or three minutes before closing the Users and Groups window, so the confirmation message appeared and it worked out!

After everything else failed, including the PepeMac answer, I could not change the GeneratedUID digit (got some error, can't remember). I did the most simple thing.

Went to MacHD/users/ (replace MacHD with whatever you named you hard disc) and simply moved the user I wanted to the trash.

Then, after restart, I went back to System Preferences and was able to remove the user (placeholder leftover really) from the System Preferences with the ➖ sign.

It is simply U N B E L I E V A B L E to get stuck like this. Shame!!

Spent hours trying to remove personal account from a work computer. Just terrible.

I got the same problem and tried all solutions here, not working, but these solutions are very helpful which I base on them to build up a solution that work for me. I typed the detail instructions but accidentally close Safari, so I put my idea in short, the idea is change the affected username (which you want to remove) to look like a guest user as much as possible:

- Take ownership of the /users/affected_username (the username that you want to remove) using Finder or Terminal sudo command (see instructions in one of the responses). Use Finder to change the name of this folder to match with Home directory that you change in step below.

- In users and groups, right click and change the affected username -> Advanced Options -> to have all the fields change to another similar 'guest' user as much as possible (you can enable the guest user, get the idea, then change) including User ID, Group, Account Name, Full name, Home directory

- Change the Unique ID of the affected username using Directory Utility -> Directory Editor to another number (like 2020)

- Save everything, log off, restart, log on with your admin user name

- Go to Users and Groups again, and hope you see the minus sign "-" enabled again for you to delete the annoying username. Good luck!

I have the same problem. System Preferences won't enable the minus button when the admin user account in question is highlighted, the terminal command that you used gives me the same error you got, and the directory utility fails to delete the user even though it gives no error indication in the GUI. However in the system log the directory utility leaves the following message:

Couldn't delete record "g" of type "dsRecTypeStandard:Users": Error Domain=com.apple.OpenDirectory Code=4001 "Attempting to delete the last FileVault capable user" UserInfo={NSLocalizedDescription=Attempting to delete the last FileVault capable user, NSLocalizedFailureReason=Operation was denied because the current credentials do not have the appropriate privileges.}

g is the name of the temporary admin user in my case. This lead me to also try enabling FileVault (I did not have it enabled previously) which fails with the following message:

Authentication server refused operation because the current credentials are not authorized for the requested operation.

I tried this in the migrated user account. I don't suppose this gives anyone a hint as to what's going on and how to fix it so I can get rid of the temporary account.

-Greg

Other solutions didn't work for me but @huetheapple's did ( Re: Can't delete admin user in High Sierra).

The Medium article in @PepeMac's accepted solution singled out a possibly duplicated admin UID. My situation had the same symptom/error message as the OP but both the Admin account and the one I was trying to delete did not share anything in common but changing a single digit in the UID of the account I was trying to delete enabled the Delete ➖ icon. In any case the accepted solution was still the basis of what worked for @huetheapple and myself.

Thank You!

This worked for me. To also repeat the solution in this thread:

From the Terminal call

sudo mv /var/db/auth.db /var/db/auth.db.old

and reboot to force a rebuild of /System/Library/Security/authorization.plist.

After this, the delete symbol in the user system settings was, in my case, not greyed out anymore and I was able to regularly delete the unwanted user.

This looked like it was going to work. The "-" sign was active. I was able to click it. But nothing happened. I really need to delete the original account with all it's data. Any other suggestions, other than complete re-install and brute force through the Disk Util?

Thank you

I am having the exact same problem.

Getting the same FileVault related error message in the log.

Even trying to delete the user as root via terminal yields a PermissionError which is ridiculous.

But I did not migrate any user via TimeMachine or the assistant.

I created the temporary user to change my main admin user‘s account name (following the official apple support thread on how to change an admins account name and home folder).

This is truly annoying.

Any help would be greatly appreciated.

Same issue - and I tried the hawkdive.com website and went through all the steps, to no avail. It's not a huge issue, but the OCD in me can't stand that I have 2 user accounts.... I've tried everything. Dropping it to a standard user, disabling everything, setting it completely up, upgrading, ugh... no idea. Send help, the obsessive compulsive is about to punch someone.