Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

Deleting a user account

To delete a user account using the Windows interface
  1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  2. In the console tree, click Users.

    Where?

    • Active Directory Users and Computers\domain node\Users

    Or, click the folder that contains the user account.

  3. In the details pane, right-click the user account, and then click Delete.

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.

  • After a user account has been deleted, all permissions and memberships that are associated with that user account are permanently deleted. Because the security identifier (SID) for each account is unique, a new user account with the same name as a previously deleted user account does not automatically assume the permissions and memberships of the previously deleted account. If you want to duplicate a deleted user account, you must recreate all permissions and memberships manually.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Delete a User Account (http://go.microsoft.com/fwlink/?LinkId=138376). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).

Additional references

To delete a user account using a command line
  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type the following command, and then press ENTER:

    dsrm <ObjectDN>
    

Parameter Description

<ObjectDN>

Specifies the distinguished name of the user object to be deleted.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsrm /? 

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • After a user account has been deleted, all permissions and memberships that are associated with that user account are permanently deleted. Because the SID for each account is unique, a new user account with the same name as a previously deleted user account does not automatically assume the permissions and memberships of the previously deleted account. If you want to duplicate a deleted user account, you must recreate all permissions and memberships manually.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Delete a User Account (http://go.microsoft.com/fwlink/?LinkId=138376). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).

Additional references