Farm account stays admin in some cases
Hello,
With "AddToLocalAdminsDuringSetup" and "LeaveInLocalAdmins" set to "false", the farm account is added to farm administrators when provisioning some SA, like UserProfile or DistributedCache:
If (($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -or (ShouldIProvision $xmlinput.Configuration.ServiceApps.UserProfileServiceApp -eq $true) -or (ShouldIProvision $xmlinput.Configuration.Farm.Services.DistributedCache -eq $true)) { ....
But in this case, it isn't removed from this group:
If (!($runningAsFarmAcct) -and ($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -and ($xmlinput.Configuration.Farm.Account.LeaveInLocalAdmins -eq $false)) { ....
A workaround to this bug is to set "AddToLocalAdminsDuringSetup" to "true" (even if not wanted) and "LeaveInLocalAdmins" to "false".
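
The mismatch between the two conditions quoted above, enumerated over every setting combination. This is an added example, not part of the original post and not the project's own code; the function names and the boolean parameters standing in for the `ShouldIProvision` results and `$runningAsFarmAcct` are hypothetical.

```powershell
# Added example: the two quoted conditions modelled as pure functions.
# $ProvisionUPS / $ProvisionDC stand in for the ShouldIProvision results (assumption).
function Test-AddedToLocalAdmins {
    param([bool]$AddDuringSetup, [bool]$ProvisionUPS, [bool]$ProvisionDC)
    # Mirrors the "add" condition: any one of the three is enough.
    return ($AddDuringSetup -or $ProvisionUPS -or $ProvisionDC)
}

function Test-RemovedFromLocalAdmins {
    param([bool]$RunningAsFarmAcct, [bool]$AddDuringSetup, [bool]$LeaveInLocalAdmins)
    # Mirrors the "remove" condition: it only fires when AddDuringSetup is true.
    return ((-not $RunningAsFarmAcct) -and $AddDuringSetup -and (-not $LeaveInLocalAdmins))
}

$bools = $false, $true
$rows = foreach ($add in $bools) {
    foreach ($leave in $bools) {
        foreach ($ups in $bools) {
            foreach ($dc in $bools) {
                $added   = Test-AddedToLocalAdmins -AddDuringSetup $add -ProvisionUPS $ups -ProvisionDC $dc
                $removed = Test-RemovedFromLocalAdmins -RunningAsFarmAcct $false `
                               -AddDuringSetup $add -LeaveInLocalAdmins $leave
                [pscustomobject]@{
                    AddToLocalAdminsDuringSetup = $add
                    LeaveInLocalAdmins          = $leave
                    ProvisionUserProfile        = $ups
                    ProvisionDistributedCache   = $dc
                    Added                       = $added
                    Removed                     = $removed
                    # Added, never removed, although LeaveInLocalAdmins is false.
                    Unintended                  = ($added -and (-not $removed) -and (-not $leave))
                }
            }
        }
    }
}

# Only the combinations that leave the account in the group against the configuration.
$rows | Where-Object Unintended | Format-Table -AutoSize
```

The rows it lists all have "AddToLocalAdminsDuringSetup" set to false with at least one of the two service applications provisioned, which is the case the post describes; with the workaround values no row is listed.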