NetRemoveServiceAccount function

The NetRemoveServiceAccount function deletes the specified service account from the Active Directory database if the account is a standalone managed service account (sMSA). For group managed service accounts (gMSAs), this function does not delete the account from the Active Directory database. The secret stored in the Local Security Authority (LSA) is deleted for both sMSAs and gMSAs, and the state is stored in the Netlogon registry store.

This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Logoncli.dll.

Syntax

NTSTATUS NetRemoveServiceAccount(
  LPWSTR ServerName,
  LPWSTR AccountName,
  DWORD  Flags
);

Parameters

ServerName

The value of this parameter must be NULL.

AccountName

The name of the account to be deleted.

Flags

This parameter can have the following value.

Value: SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY (0x00000001)
Meaning: For sMSAs, the service account object is unlinked from the local computer and the secret stored in the LSA is deleted. The service account object is not deleted from the Active Directory database. This flag has no meaning for gMSAs.

Return value

If the function succeeds, it returns STATUS_SUCCESS.

If the function fails, it returns an error code.
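
The dynamic-linking requirement and the parameter rules above, as an added C example that is not part of the original reference page: it loads Logoncli.dll from System32 only, resolves the export, passes NULL for ServerName and returns the status. The helper names msa_remove_flags and remove_msa, the account name svc-example and the -1 sentinel are assumptions made for this illustration.

```c
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

#ifndef SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY
#define SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY 0x00000001UL /* value from the Flags table */
#endif

/* Hypothetical helper: pick Flags. Non-zero keep_ad_object unlinks an sMSA from this host only. */
unsigned long msa_remove_flags(int keep_ad_object)
{
    return keep_ad_object ? SERVICE_ACCOUNT_FLAG_UNLINK_FROM_HOST_ONLY : 0UL;
}

/* Hypothetical wrapper: returns the NTSTATUS, or -1 (assumed sentinel) if the DLL or export is missing. */
int remove_msa(wchar_t *account, int keep_ad_object)
{
#ifdef _WIN32
    typedef LONG (WINAPI *PFN_NetRemoveServiceAccount)(LPWSTR, LPWSTR, DWORD);
    int status = -1;
    /* Search System32 only, so a Logoncli.dll planted beside the binary is never loaded. */
    HMODULE dll = LoadLibraryExW(L"Logoncli.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (dll == NULL)
        return status;
    PFN_NetRemoveServiceAccount fn =
        (PFN_NetRemoveServiceAccount)GetProcAddress(dll, "NetRemoveServiceAccount");
    if (fn != NULL)   /* first argument: ServerName must be NULL */
        status = (int)fn(NULL, account, (DWORD)msa_remove_flags(keep_ad_object));
    FreeLibrary(dll);
    return status;
#else
    (void)account; (void)keep_ad_object;
    return -1;        /* not a Windows build: the API is absent, nothing is called */
#endif
}

int main(void)
{
    wchar_t account[] = L"svc-example";    /* constructed sample account name */
    int status = remove_msa(account, 1);   /* 1: leave the AD object in place */
    if (status == 0)                       /* STATUS_SUCCESS */
        puts("service account unlinked from this host");
    else
        printf("NetRemoveServiceAccount failed: 0x%08X\n", (unsigned)status);
    return status == 0 ? 0 : 1;
}
```

Passing 0 for keep_ad_object sends Flags = 0, which for an sMSA also deletes the account object from Active Directory as described at the top of the page.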

Requirements

Minimum supported client: Windows 7 [desktop apps only]
Minimum supported server: Windows Server 2008 R2 [desktop apps only]
Target Platform: Windows
Header: lmaccess.h
DLL: Netapi32.dll

See also

NetAddServiceAccount

NetEnumerateServiceAccounts

NetIsServiceAccount