If you cannot remove a Microsoft account from your Windows 10/11 machine, navigating to HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities and deleting the subkey associated with the email address can force the system to forget the account. 2. Resolving Persistent "Fix Your Account" Prompts
You see OneDrive sync errors or you are unsure which Microsoft account email is associated with your OneDrive storage.
(Identity Certificate Revocation List) registry key is a core component of the Microsoft Identity Service , historically associated with Windows Live Sign-in Assistant
Some malware strains have been observed to specifically target the IdentityCRL registry to further their objectives. For instance, the Trojan.MulDrop38.15250 has been known to modify the registry to ensure its own persistence on an infected system. Additionally, certain malware has been found to drop malicious executables within a subfolder of the IdentityCRL directory ( %LOCALAPPDATA%\Microsoft\Windows\IdentityCRL\DigitalSignature\ ). identitycrl registry
Re-add your desired Microsoft account or confirm the profile has reverted to a local state. Registry Path Fix Account Already Used
: Microsoft Lync 2010 uses a pluggable identity client runtime (IDCRL) in order to authenticate with Microsoft Lync Online and Microsoft Exchange Online services hosted in the cloud. The IDCRL library was a 32-bit Windows dynamic link library (DLL) that exported specific C++ functions to manage the authentication flow.
Under this key, each subkey represents a Microsoft account email address that has been used to sign into Microsoft services on that Windows profile. The data stored includes not just the email but also the account’s CID (a 16‑hex‑digit identifier) and other identity properties. This information powers the account picker in Windows apps, the Microsoft Store sign‑in, and the “Accounts” section in Windows Settings. If you cannot remove a Microsoft account from
The registry path HKEY_USERS\ \Software\Microsoft\IdentityCRL uses your unique Security Identifier (SID), which you can find through the command prompt using whoami /user .
Whenever you modify the Registry, especially deleting entire keys like IdentityCRL , always create a system restore point and export the keys you plan to delete. Right‑click the key in Registry Editor and select to save a .reg file. If something goes wrong, you can double‑click that file to restore the original settings.
When a user removes a Microsoft Account via Settings, the IdentityCRL registry key is supposed to be updated. If it isn't, remnants of the account can cause login prompts or issues with account switching. Common Scenarios for Modifying IdentityCRL (Identity Certificate Revocation List) registry key is a
Some malware families have been observed searching for and modifying IdentityCRL registry branches. For instance, Trojan.MulDrop.57590 was documented looking for registry locations where third‑party applications store passwords, including HKCU\Software\Microsoft\IdentityCRL . This highlights the importance of regular malware scanning and ensuring your antivirus solution monitors these sensitive registry areas.
: It maintains a cache of the accounts that have signed into the device, often found at
While IdentityCRL may persist in Windows for backward compatibility, its direct role is becoming less prominent. In many cases, deleting the IdentityCRL folder (located in the C:\Users\Public\Documents\Shared Documents\Microsoft\ directory) will not impact normal system operation and serves only to clean up obsolete data.
Each OneDrive account has a unique 16‑hex‑digit CID (content identifier). You can find the CID in the file names of the .dat and .ini files located in: