DeleteConnectedIdentity function

Deletes the user credential used for the connected identity.


SEC_ENTRY DeleteConnectedIdentity(
  _In_     PVOID  ProviderHandle,
  _In_opt_ HANDLE UserToken,
  _In_     PSID   UserSid,
  _In_     PWSTR  IdentityUserName
);

ProviderHandle [in]

Identity provider handle.

UserToken [in, optional]

Token of the connected user whose account is going to be converted to a local account. If UserToken is not NULL, the identity provider uses this token to load the user profile and clean up connected states. If UserToken is NULL, LSA is forcing the disconnection. The identity provider should clean up any global connected states on this user, but the provider does not have to clean up connected states in the user profile.

UserSid [in]

The primary SID of the connected user. If UserToken is not NULL, this parameter is the user SID of the token. If UserToken is NULL, this parameter is used to identify the connected user and clean up global connected states of that user.

IdentityUserName [in]

The user name of the identity.

Return value

If the function succeeds, the function returns SEC_E_OK.

If the function fails, the function may return one of the following error codes.

Return value    Description

A parameter is not valid.


The user identified by UserSid does not exist, is not currently connected, or there is no identity whose user name matches IdentityUserName.


There is not enough memory to process the request.
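
The following is an added example, not Microsoft's code and not part of the original reference: a portable C model of the UserToken branching and the lookup failure described above. The string SID, the in-memory table, the name ModelDeleteConnectedIdentity and the ERR_* values are assumptions that stand in for the Windows types and for the error codes, whose names this page does not show.

```c
/* Added example: portable model, not Windows SDK code. All types, the table
   and the ERR_* values are stand-ins (assumptions); only SEC_E_OK and the
   parameter names come from the page. */
#include <stddef.h>
#include <string.h>
#include <wchar.h>

#define SEC_E_OK 0
enum { ERR_INVALID_PARAMETER = 1, ERR_NO_SUCH_IDENTITY = 2 }; /* placeholders */

typedef struct {
    const char    *sid;            /* string SID stands in for PSID */
    const wchar_t *identity_name;
    int            connected;      /* global connected state */
    int            profile_state;  /* connected state kept in the user profile */
} ConnectedUser;

/* Constructed sample data. */
static ConnectedUser g_users[] = {
    { "S-1-5-21-1000", L"alice@example.com", 1, 1 },
    { "S-1-5-21-1001", L"bob@example.com",   1, 1 },
};

static ConnectedUser *find_user(const char *sid, const wchar_t *name)
{
    for (size_t i = 0; i < sizeof g_users / sizeof g_users[0]; i++) {
        ConnectedUser *u = &g_users[i];
        if (u->connected && strcmp(u->sid, sid) == 0 &&
            wcscmp(u->identity_name, name) == 0)
            return u;
    }
    return NULL;
}

int ModelDeleteConnectedIdentity(void *ProviderHandle, void *UserToken,
                                 const char *UserSid,
                                 const wchar_t *IdentityUserName)
{
    if (!ProviderHandle || !UserSid || !IdentityUserName)
        return ERR_INVALID_PARAMETER;
    ConnectedUser *u = find_user(UserSid, IdentityUserName);
    if (!u)                      /* unknown SID, not connected, or name mismatch */
        return ERR_NO_SUCH_IDENTITY;
    if (UserToken != NULL)
        u->profile_state = 0;    /* token present: profile can be loaded and cleaned */
    /* UserToken == NULL: forced disconnection, profile state may be left alone */
    u->connected = 0;            /* global connected state is cleaned in both cases */
    return SEC_E_OK;
}
```

The model does not cover the out-of-memory failure, and it does not check that UserSid matches the SID of a non-NULL token.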



Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]