In my test environment, I deleted the account I installed SCCM with. Unfortunately, I had not given any other account admin rights and therefore I had locked myself out of SCCM. However, in the SQL database you can easily give another account the rights to get back into SCCM. It can happen that an administrator leaves a company and his account is deleted. There may still be plenty of admins with access, but possibly not the account with all the rights, which can get you into trouble.
Application | Microsoft System Center Configuration Manager (SCCM) |
Location |
On-premise installation |
Topic | SCCM Admin Account |
In this Blog
In the blog I explain step by step how you can regain administrator access to SCCM. To modify the admin account you need SQL administrator rights on the SQL database or at least on the database where SCCM is installed. After performing these steps another account will have full Administrator rights in SCCM.
Locate objectSID
New Administrator
first we look up the objectSID of the new admin that we are going to use for SCCM
- Opening ADSIEdit.msc.
- Locate the user, right click properties.
- Find the objectSID; dubbel click the objectSID to see the value in hexadecimal format,
- Copy objectSID; remove all spaces.
Microsoft SQL Server Management Studio Part 1
RBAC Admin objectSID info old admin
- Open SQL Management Studio and execute the following query.
use CM_LID
(LID is my site code)select AdminID,AdminSID,LogonName,DisplayName from RBAC_Admins
- The account that is now displayed is the old admin account. In my demo it is the same account just with the wrong objectSID.
Microsoft SQL Server Management Studio Part 2
Change SID Admin objectSID
- Open SQL Management Studio and execute the following query
use CM_LID
(LID is my site code)update RBAC_Admins set AdminSID=0x01050000000000051500000038C9954BC563ECFC64643DFE84040000
select AdminID,AdminSID,LogonName,DisplayName from RBAC_Admins
- The account that is now update with the new objectSID.