After October 2022 CU we should run the following command after farm is created because the least-privileged model is automatically enabled. If this is not done then deleting web application in CA will fail to access denied error at least for setup account.
Problem description
After October 2022 CU we should run the following command after farm is created because the least-privileged model is automatically enabled. If this is not done then deleting web application in CA will fail to access denied error at least for setup account.
Get-SPDatabase | %{$_.GrantOwnerAccessToDatabaseAccount()}
https://support.microsoft.com/en-us/topic/-sorry-something-went-wrong-error-when-you-delete-a-web-application-kb5031287-e1f3e2b7-6176-4e37-ab3b-606a9e456ffa
https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration#additional-things-to-consider-for-a-least-privileged-environment
Verbose logs
DSC configuration
Suggested solution
Could we add this command maybe to the SPFarm resource as a last part after farm is created
SharePoint version and build
Operating system the target node is running
PowerShell version and build the target node is running
SharePointDsc version