I recently had to manually remove a secondary site (S01) from a ConfigMgr 2007 SP1 hierarchy. It deleted ok from the parent site (P01), but since that doesn’t replicate up the hierarchy, I had to go to the Hierarchy Maintenance Tool (Preinst.exe) on the central (C01) site to fully remove it. However, when logged on to the central site as a ConfigMgr administrator (full rights granted via a domain security group), I was getting the following result when running preinst.exe /delsite S01 P01:
S01 is not a known site.
The ConfigMgr Documentation Library topic on the Hierarchy Maintenance Tool (Preinst.exe) has the following blurb that applies to this situation:
“…The logged-on user must explicitly have the Site – Administer security right; it is not sufficient that the logged-on user inherits this right by being a member of a group that has that permission.”
Following the documentation I granted myself the Administer right on the Site class, which by default also adds the Delete, Modify and Read rights. I removed the three other rights and explicitly added just the Administer right for my user, reran preinst and received the same result. I modified my right on the Site class to also include Delete, Modify and Read as the wizard desires, and then when running preinst.exe /delsite S01 P01:
Deleted site S01 from the database.
This is a well documented, by design issue from SMS 2003 (KB833179) which recommends selecting all rights for the Site class which obviously varies from the ConfigMgr documentation. In short: Site – Administer alone is insufficient.