With "AddToLocalAdminsDuringSetup" and "LeaveInLocalAdmins" set to "false", farm account is added to farm administrators when provisionning some SA, like UserProfile or DistributedCache :
If (($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -or (ShouldIProvision $xmlinput.Configuration.ServiceApps.UserProfileServiceApp -eq $true) -or (ShouldIProvision $xmlinput.Configuration.Farm.Services.DistributedCache -eq $true)) { ....
But in this case, it isn't removed of this group :
If (!($runningAsFarmAcct) -and ($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -and ($xmlinput.Configuration.Farm.Account.LeaveInLocalAdmins -eq $false)) { ....
A workaround to this bug is to set "AddToLocalAdminsDuringSetup" to "true" (even if not wanted) and "LeaveInLocalAdmins" to "false"
Hello,
With "AddToLocalAdminsDuringSetup" and "LeaveInLocalAdmins" set to "false", farm account is added to farm administrators when provisionning some SA, like UserProfile or DistributedCache :
If (($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -or (ShouldIProvision $xmlinput.Configuration.ServiceApps.UserProfileServiceApp -eq $true) -or (ShouldIProvision $xmlinput.Configuration.Farm.Services.DistributedCache -eq $true)) { ....But in this case, it isn't removed of this group :
If (!($runningAsFarmAcct) -and ($xmlinput.Configuration.Farm.Account.AddToLocalAdminsDuringSetup -eq $true) -and ($xmlinput.Configuration.Farm.Account.LeaveInLocalAdmins -eq $false)) { ....A workaround to this bug is to set "AddToLocalAdminsDuringSetup" to "true" (even if not wanted) and "LeaveInLocalAdmins" to "false"