Can't delete admin user in High Sierra

Thank You!

This worked for me. To also repeat the solution in this thread:

From the Terminal call

sudo mv /var/db/auth.db /var/db/auth.db.old

and reboot to force a rebuild of /System/Library/Security/authorization.plist.

After this, the delete symbol in the user system settings was, in my case, not greyed out anymore and I was able to regularly delete the unwanted user.

This looked like it was going to work. The "-" sign was active. I was able to click it. But nothing happened. I really need to delete the original account with all it's data. Any other suggestions, other than complete re-install and brute force through the Disk Util?

Thank you

I hope to be able to solve this issue for you and it seems to stem (in my case anyway) from using migration assistant. If you install the new operating system, create a new user account and login and then migrate there seems to be some sort of conflict. Quite what that conflict is I am not sure but I think it relates to the UID/USER ID and password.

You could try this and let me know if it works for you to help anyone else should they run into this issue.

1. LOG OUT of all accounts.

2. LOG IN to the account you wish to delete.

3. CHOOSE SYSTEM PREFERENCES>USERS & GROUPS

4. Click the Padlock and Authenticate.

5. Choose the account in the list that YOU WISH TO KEEP. Remember you should be currently logged into the account you wish to delete.

6. Click CHANGE PASSWORD and change the password of the account which you wish to keep to something else other than that which you were using.

7. LOG OUT of the account.

8. LOG BACK IN to the account you wish to keep with your new password.

9. GO BACK TO SYSTEM PREFERENCES>USERS & GROUPS, click the padlock, authenticate and hopefully when you click on the account you wish to delete the minus symbol will be available and you can simply remove the account.

10. Change your password back to your usual password if thats what you want to do.

Again please do let people know if this works to help others with the same issue. Similarly if it doesn't work for you please also let post and let people know.

Good luck and hopefully this will do the trick for you and any other people running into this issue.

All the best. 😉

Stefan

Other solutions didn't work for me but @huetheapple's did ( Re: Can't delete admin user in High Sierra).

The Medium article in @PepeMac's accepted solution singled out a possibly duplicated admin UID. My situation had the same symptom/error message as the OP but both the Admin account and the one I was trying to delete did not share anything in common but changing a single digit in the UID of the account I was trying to delete enabled the Delete ➖ icon. In any case the accepted solution was still the basis of what worked for @huetheapple and myself.

I managed to remove initial the user account i've created before migration, with these steps (might i add this is a really barbaric method):

Check which user account is the main crypto user of your disk, just to be sure.

1. Open Directory Utility, Authenticate with admin user and under "Edit" enable root, and set password for it.
2. In Directory editor find your initial user account, copy, and then change a digit in its GeneratedUID.
3. Find your migrated user account, and replace its GeneratedUID with the initial account's.

After this step, you need to go to back to terminal, and update your pre boot volume: diskutyl apfs updatepreboot [main boot container (disk1s1).

If all goes well, you should see the line: Correlated APFS crypto user with with Open Directory User (UUID) aka "migrated user"

After that, you should be able to remove the initial user account from Directory Utility.

I have the same problem. System Preferences won't enable the minus button when the admin user account in question is highlighted, the terminal command that you used gives me the same error you got, and the directory utility fails to delete the user even though it gives no error indication in the GUI. However in the system log the directory utility leaves the following message:

Couldn't delete record "g" of type "dsRecTypeStandard:Users": Error Domain=com.apple.OpenDirectory Code=4001 "Attempting to delete the last FileVault capable user" UserInfo={NSLocalizedDescription=Attempting to delete the last FileVault capable user, NSLocalizedFailureReason=Operation was denied because the current credentials do not have the appropriate privileges.}

g is the name of the temporary admin user in my case. This lead me to also try enabling FileVault (I did not have it enabled previously) which fails with the following message:

Authentication server refused operation because the current credentials are not authorized for the requested operation.

I tried this in the migrated user account. I don't suppose this gives anyone a hint as to what's going on and how to fix it so I can get rid of the temporary account.

-Greg

I was having the same problem, but did find a solution at this site:

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

The only way that worked for me was with option #7 using Directory Utility. The only change from the instructions on the site is that when it says you go to Edit - Delete Account you actually just need to click on the little minus sign at the bottom of the list. Also the list contains a bunch of stuff you're not suppose to delete so make sure you just scroll through the list and find the Username to the admin account you want to delete. After I deleted the account I was having issues with I just logged out and it was gone!

I am having the exact same problem.

Getting the same FileVault related error message in the log.

Even trying to delete the user as root via terminal yields a PermissionError which is ridiculous.

But I did not migrate any user via TimeMachine or the assistant.

I created the temporary user to change my main admin user‘s account name (following the official apple support thread on how to change an admins account name and home folder).

This is truly annoying.

Any help would be greatly appreciated.

Same issue - and I tried the hawkdive.com website and went through all the steps, to no avail. It's not a huge issue, but the OCD in me can't stand that I have 2 user accounts.... I've tried everything. Dropping it to a standard user, disabling everything, setting it completely up, upgrading, ugh... no idea. Send help, the obsessive compulsive is about to punch someone.

Hey, i had same problem, but i fixed now.

First thing first, you need to login with the user that OSX have been installed, and allow the user that you want to remain to decrypting your hard disk. After that, just log out, login with your user, and delete the old user account.

If my english it's not to good, here it's the link and paragraph where I find this solution

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

9. You may not be able to delete a user account if it was used to turn the filevault on for encrypting the hard drive. So every time you restart the computer you will have to first decrypt the hard drive using the same account before you can login to any other user account. Turn the filevault Off first before you can delete the affected account.

I got the same problem and tried all solutions here, not working, but these solutions are very helpful which I base on them to build up a solution that work for me. I typed the detail instructions but accidentally close Safari, so I put my idea in short, the idea is change the affected username (which you want to remove) to look like a guest user as much as possible:

- Take ownership of the /users/affected_username (the username that you want to remove) using Finder or Terminal sudo command (see instructions in one of the responses). Use Finder to change the name of this folder to match with Home directory that you change in step below.

- In users and groups, right click and change the affected username -> Advanced Options -> to have all the fields change to another similar 'guest' user as much as possible (you can enable the guest user, get the idea, then change) including User ID, Group, Account Name, Full name, Home directory

- Change the Unique ID of the affected username using Directory Utility -> Directory Editor to another number (like 2020)

- Save everything, log off, restart, log on with your admin user name

- Go to Users and Groups again, and hope you see the minus sign "-" enabled again for you to delete the annoying username. Good luck!

I’ve had the same problem with not being able to delete a user account, and I tried everything listed here and even my own troubleshooting. I took my MacBook into the store to get something else diagnosed- before I left I was about to ask the genius about it, went to show him the problem and the “-“ sign WAS NO LONGER GREYED OUT. Not sure what form of wizardry happened but it did. Perhaps it was something to do with the tests they ran. Maybe take it in? It worked for me.

hello, can you please type out the detailed version? i think i have the same exact issue as you. i've tried everything but nothing is working. it sounds very similar to your issue. i would really appreciate it. thanks.

@Narehate, I tried like everything here, but yours is the only solution that worked. I copied the generated user ID as noted, changed the original, and put that on my account.

For some reason your term command is wonky. Here's the one I used:

diskutil apfs updatePreboot disk1s1

That seems to have done it. Hopefully nothing blows up later!

Thanks.

Thank you Stefan2908! Your solution worked perfectly and ended days of frustrating attempts to delete the extra user. I had used migration assistant as you surmised. Nothing I tried worked, including Terminal. I couldn't think why your suggestion would work and it was with trepidation that I went back to Users & Groups in step 9. But there - finally - was the minus symbol. I clicked it and gladness ensued. 🙂