Can't delete admin user in High Sierra

Thank You!

This worked for me. To also repeat the solution in this thread:

From the Terminal call

sudo mv /var/db/auth.db /var/db/auth.db.old

and reboot to force a rebuild of /System/Library/Security/authorization.plist.

After this, the delete symbol in the user system settings was, in my case, not greyed out anymore and I was able to regularly delete the unwanted user.

I was having the same problem, but did find a solution at this site:

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

The only way that worked for me was with option #7 using Directory Utility. The only change from the instructions on the site is that when it says you go to Edit - Delete Account you actually just need to click on the little minus sign at the bottom of the list. Also the list contains a bunch of stuff you're not suppose to delete so make sure you just scroll through the list and find the Username to the admin account you want to delete. After I deleted the account I was having issues with I just logged out and it was gone!

Hey, i had same problem, but i fixed now.

First thing first, you need to login with the user that OSX have been installed, and allow the user that you want to remain to decrypting your hard disk. After that, just log out, login with your user, and delete the old user account.

If my english it's not to good, here it's the link and paragraph where I find this solution

http://www.hawkdive.com/2017/01/unable-to-delete-managed-user-account.html

9. You may not be able to delete a user account if it was used to turn the filevault on for encrypting the hard drive. So every time you restart the computer you will have to first decrypt the hard drive using the same account before you can login to any other user account. Turn the filevault Off first before you can delete the affected account.

The methode for me was to change the UUID of admin using the Directory Utility, restart (important) en after this i could delete the admin account which was the first one before migrating an older iMac's data.

For those who haven't been able to get the UUID trick to work, which I wasn't able to at first, I have a possible tip.

When first attempting to delete the original account, I unchecked "Allow user to administer this computer" thinking it'd make it able to be deleted. It didn't of course, so I came to this thread and discovered the UUID (or GenID) trick. But alas, that too didn't work.

After a full shutdown and restart, hoping to flesh out the gremlin, I logged into the original account. I went into Users & Groups and clicked the padlock. Since I previously removed Admin access to this account, I had to login with the new admin account credentials. I then re-checked "Allow user to administer this computer".

I logged out, logged in as the new admin account, went to Users & Groups...then BOOM. The "-" minus button was no longer greyed out.

I don't believe the checking/unchecking itself was responsible, but perhaps it needed to be Admin again for the GenID/UUID trick to work.

Worth a shot.

Not sure if this will help, however, after spending a lot of time searching the Apple forums for the answer for wanting to delete an Admin in MacBook Air. Not sure, but am assuming it will work for Pro as well. It actually is quite simple. Hope this helps.

If you have 2 Admin accounts and you are wanting to delete one:

First, you must restart your computer so that your Login page pops up showing both Admin avatars.

Both Admins are going to appear and will have red check marks under them. (This is why skipping this step will only bring you to the "grayed box" in Users and Groups). MAC thinks both are in use.

Uncheck to Admin you wish to delete.

Now go to Apple Menu>System Preferences>Users & Groups>Unlock the padlock down at the bottom left of the screen>Since the Admin is now not in use you will see it is black>Click on it>Go to the bottom of the page and click on the minus sign ➖ to remove it.

I then restarted my computer so changes would be sure to take effect.

Once again, I hope this helps someone having the same issue, if not, please disregard.

UPDATE ---- > This did work. I Shutdown. Then Restarted. Logged back into my new account, and was able to delete the original Admin. Thanks

I managed to remove initial the user account i've created before migration, with these steps (might i add this is a really barbaric method):

Check which user account is the main crypto user of your disk, just to be sure.

1. Open Directory Utility, Authenticate with admin user and under "Edit" enable root, and set password for it.
2. In Directory editor find your initial user account, copy, and then change a digit in its GeneratedUID.
3. Find your migrated user account, and replace its GeneratedUID with the initial account's.

After this step, you need to go to back to terminal, and update your pre boot volume: diskutyl apfs updatepreboot [main boot container (disk1s1).

If all goes well, you should see the line: Correlated APFS crypto user with with Open Directory User (UUID) aka "migrated user"

After that, you should be able to remove the initial user account from Directory Utility.

Hello,

I came across the same problem and was about to use PepeMac suggestion, then I tried again to delete the original account, but waited about 2 or three minutes before closing the Users and Groups window, so the confirmation message appeared and it worked out!

After everything else failed, including the PepeMac answer, I could not change the GeneratedUID digit (got some error, can't remember). I did the most simple thing.

Went to MacHD/users/ (replace MacHD with whatever you named you hard disc) and simply moved the user I wanted to the trash.

Then, after restart, I went back to System Preferences and was able to remove the user (placeholder leftover really) from the System Preferences with the ➖ sign.

It is simply U N B E L I E V A B L E to get stuck like this. Shame!!

Spent hours trying to remove personal account from a work computer. Just terrible.

I got the same problem and tried all solutions here, not working, but these solutions are very helpful which I base on them to build up a solution that work for me. I typed the detail instructions but accidentally close Safari, so I put my idea in short, the idea is change the affected username (which you want to remove) to look like a guest user as much as possible:

- Take ownership of the /users/affected_username (the username that you want to remove) using Finder or Terminal sudo command (see instructions in one of the responses). Use Finder to change the name of this folder to match with Home directory that you change in step below.

- In users and groups, right click and change the affected username -> Advanced Options -> to have all the fields change to another similar 'guest' user as much as possible (you can enable the guest user, get the idea, then change) including User ID, Group, Account Name, Full name, Home directory

- Change the Unique ID of the affected username using Directory Utility -> Directory Editor to another number (like 2020)

- Save everything, log off, restart, log on with your admin user name

- Go to Users and Groups again, and hope you see the minus sign "-" enabled again for you to delete the annoying username. Good luck!

I have the same problem. System Preferences won't enable the minus button when the admin user account in question is highlighted, the terminal command that you used gives me the same error you got, and the directory utility fails to delete the user even though it gives no error indication in the GUI. However in the system log the directory utility leaves the following message:

Couldn't delete record "g" of type "dsRecTypeStandard:Users": Error Domain=com.apple.OpenDirectory Code=4001 "Attempting to delete the last FileVault capable user" UserInfo={NSLocalizedDescription=Attempting to delete the last FileVault capable user, NSLocalizedFailureReason=Operation was denied because the current credentials do not have the appropriate privileges.}

g is the name of the temporary admin user in my case. This lead me to also try enabling FileVault (I did not have it enabled previously) which fails with the following message:

Authentication server refused operation because the current credentials are not authorized for the requested operation.

I tried this in the migrated user account. I don't suppose this gives anyone a hint as to what's going on and how to fix it so I can get rid of the temporary account.

-Greg

This works so well!! It's the gen-id. https://medium.com/@ambroselittle/cant-delete-original-admin-user-on-macos-high- sierra-1d79fb438246

Other solutions didn't work for me but @huetheapple's did ( Re: Can't delete admin user in High Sierra).

The Medium article in @PepeMac's accepted solution singled out a possibly duplicated admin UID. My situation had the same symptom/error message as the OP but both the Admin account and the one I was trying to delete did not share anything in common but changing a single digit in the UID of the account I was trying to delete enabled the Delete ➖ icon. In any case the accepted solution was still the basis of what worked for @huetheapple and myself.

I have the same problem. Delete file '/private/var/db/dslocal/nodes/Default/users/$(username_you_want_to_delete).plist', and the issue can be solved.