Help Removing an old AD account from shared VM Access list



I seem to be in a bit of a catch-22 here. I think I've hit the following issue with a virtual machine; however, rather than a User Role with a deleted AD account, I have a VM that has shared access with a deleted AD account.

 

If I try to remove the AD account via SCVMM I get the following;

 

Quote

Error (813)
The specified owner is not a valid Active Directory Domain Services account.


Recommended Action
Specify a valid Active Directory Domain Services account, and then try the operation again.


 

Even trying PowerShell (my PowerShell skills are pretty limited) and using the following, I get the same error:

 

$Resource = Get-VM | where {$_.Name -eq "VMNAME"}
Revoke-SCResource -Resource $Resource -Username "SID"

 

I tried adding a -force to the end, as I know I've seen that used in the past for dead hosts, but it doesn't seem to recognise it, though that could just be me remembering its use wrongly.

 

So I'm stuck in a situation where a self service user can't console to the VM because of a deleted AD account, but I can't remove the account because it's been deleted - suggestions, anyone? I imagine I could do it via SQL, but my SQL skills are much worse than my PowerShell, so I'd rather not go messing with something I don't understand.


So let me get my head around this, sorry I'm struggling to understand the question when the article you've linked is different to the problem you're having (as you've said).

 

There's an AD user that's been added to a user role inside SCVMM that at some point the user was deleted through AD users and groups. Now that user is trying to connect to a VM?

 

I am pretty far off, aren't I?


Yeah pretty far off...

 

OK so let me explain the whole thing.

 

I have a self service user who is trying to console into a VM using the App Controller Web Portal; they get an error that VMM has lost connection to the machine. I found the following Knowledge Base Article that suggested that if the Self Service User Role had a member assigned that no longer existed, then this symptom can be seen, so remove it.

 

Now my issue is slightly different in that we don't assign users to the roles; we do it by AD group and manage within AD, and I've checked the group itself and there are no deleted user SIDs, so I know that's not the case. However, I noticed that the VM itself is set up with shared access and the user shared the VM with 3 people, 2 of whom are still with the company and one has left (just a SID remains).

 

This is why my problem above comes in: if I click remove I get the error regarding not being a valid AD user, and the same with PowerShell. Is that a little more clear?


This topic is now closed to further replies.
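
An added example, not part of the original thread and not a fix for Error (813): a PowerShell check that flags access-list entries which no longer resolve to an account, the condition described in the posts above (a bare SID left behind by a deleted user). The function name Find-OrphanedAccessEntry and the sample entries are constructed; it assumes a Windows host and that the entries have been copied from the VM's shared access list.

```powershell
# Added example: classify access-list entries as resolvable accounts or orphaned SIDs.
# Find-OrphanedAccessEntry is a hypothetical helper name, not a VMM cmdlet.
function Find-OrphanedAccessEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Identity
    )
    process {
        foreach ($entry in $Identity) {
            $sid = $null
            $account = $null
            $status = 'Resolved'
            try {
                if ($entry -match '^S-1-\d+(-\d+)+$') {
                    # Entry is a raw SID string: try to map it back to an account name.
                    $sid = [System.Security.Principal.SecurityIdentifier]::new($entry)
                    $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } else {
                    # Entry is a DOMAIN\user name: confirm it still maps to a SID.
                    $nt = [System.Security.Principal.NTAccount]::new($entry)
                    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
                    $account = $entry
                }
            } catch [System.Security.Principal.IdentityNotMappedException] {
                # Only "no such identity" counts as orphaned. Other lookup failures
                # (for example an unreachable domain controller) are left to surface
                # as errors so they are not mistaken for a deleted account.
                $status = 'Orphaned'
            }
            [pscustomobject]@{
                Entry   = $entry
                Sid     = "$sid"
                Account = $account
                Status  = $status
            }
        }
    }
}

# Constructed sample: a well-known SID that resolves on any Windows host, and a
# made-up domain SID standing in for the user who has left.
$entries = 'S-1-5-18', 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$entries | Find-OrphanedAccessEntry | Format-Table -AutoSize
```

Run on a schedule against role membership and per-VM access lists, a check like this surfaces stale entries before they show up as a console connection failure.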