Employee Leaving - Creator of Environment

Hello @CodyPatterson,

As you mentioned, the environment uses "standard "arcgis" service account", there should not be a lot of impact after the admin’s personal domain account is disabled. Portal, Server, and Data Store rely on the service account, not on the user account.

However, it would be great to run a  couple of checks though (as I have encountered such scenario before):

1. Check the Authentication Method
   1. If Portal uses IWA/Active DirectoryIf admin's domain account exists as a Portal login identity, Verify:
      • The admin's user is not the only Portal Administrator
      • Make sure another AD user or AD group already has admin privileges. 

                If his account gets disabled and and that is the only admin, the environment would be locked

b. If Portal uses built-in accounts

Then all good, nothing to worry

2. Verify all core Windows Service : On every machine (Portal, Server, Data Store etc.) confirm that services run under "arcgis", not under personal domain account (you mentioned it's arcgis but worth checking once)

3. Check Portal item Ownership : If the domain account ever logged Portal with his domain account and created: Hosted Service, maps or apps, Groups, Database Connections (These would get harder to manage after the domain account is disabled)

4. Check permission on Shared Directories : Check that the "arcgis" service account, not his domain account, has permissions to: ArcGIS Server config-store, Server directories, Portal content directory, Any shared certificate folders, Shared file-based data sources. If his domain account has any unique permissions, replace them with the "arcgis" account or and AD group and test things once.

5. Scheduled Tasks, Scripts, and Automation (these are tricky ones to find as well) : If the AD user created, "Windows task Scheduler jobs, Python Scripts, batch jobs and Backups running under his user. Change the run-as to "arcgis" or any other AD account.

6. Check Database Connections: Check registered database connections, make sure none are registered with his AD account.

Additionally, as @DEWright_CA , you can always reach out to ESRI support in case of any issues post the admin's AD account is disabled, they are great and guiding you through those kinds of events if you need.

Hope it helps!

Hi @CodyPatterson 

Could you check if your ArcGIS Server service account is running in any of this following format:

• DOMAIN\username
• .\arcgis 

If its running in local account (.\arcgis) confirm if it is machine specific. You can check that by logging into ArcGIS Enterprise machine> search "Local Users and Groups"

You can change the ArcGIS Service account, check this documentation (Best practices when changing the ArcGIS Server service account): https://support.esri.com/en-us/knowledge-base/faq-what-are-the-best-practices-when-changing-the-arcg...

To change the ArcGIS Server service account, run the Configure ArcGIS Server Account utility. Refer to ArcGIS Enterprise: Change the ArcGIS Server account for instructions.

Documentation on ArcGIS Server account:

• https://enterprise.arcgis.com/en/server/11.4/install/windows/the-arcgis-server-account.htm
• https://enterprise.arcgis.com/en/server/latest/install/windows/the-arcgis-server-account.htm#ESRI_SE...

If your ArcGIS Service account run in Domain account, you need to check if registered database connections, are not registered with that domain account. If yes, I would recommend to create a support case for more assistance.