Nice article. But when running the AlwaysOn Wizard GUI you will get ownership of multiple things, not only the endpoint, that may need changing.
1. Your login becomes owner of the endpoint which is already discussed in this article and how to change it.
--Check Endpoint Owner
SELECT SUSER_NAME(principal_id) AS endpoint_owner, name AS endpoint_name
FROM sys.database_mirroring_endpoints ;
2. Your login also becomes the owner of the AG Group you created
-- Check Owner of AG Group
SELECT ar.replica_server_name, ag.name AS ag_name, ar.owner_sid, sp.name
FROM sys.availability_replicas ar
LEFT JOIN sys.server_principals sp
ON sp.sid = ar.owner_sid
INNER JOIN sys.availability_groups ag
ON ag.group_id = ar.group_id
WHERE ar.replica_server_name = SERVERPROPERTY('ServerName') ;
-- Change AG_Owner TO SA
ALTER AUTHORIZATION ON AVAILABILITY GROUP::YourAGGroupNameGoesHere TO [SA] ;
3. Your login becomes owner of the AG DB on the secondary replicas if you used the AG wizard to restore the database on the secondary replicas
-- Check All Database Owners ( Run it on the secondary replicas to check)
SELECT name, suser_sname(owner_sid) FROM sys.databases;
-- Change DB Owner to SA (You will first need to fail over to that server and make it primary before you can run the statement below)
EXEC dbo.sp_changedbowner @loginame = N'SA', @map = false
4. Your individual login also gets added directly as a server login with public access. You will need to drop it if you get access using group membership (i.e. domain\DBAGroup).
-- You will not be able to run the statement below to drop the login with which you are currently logged in to the server. Have someone else run it or use a different login account.
DROP LOGIN [domain\individualLogin]
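
The four checks listed in the comment above, combined into one audit query. This is an added example, not part of the original comment or article. It assumes the built-in sa login (SID 0x01) is the intended owner, and the `finding` labels and column aliases are made up for illustration.

```sql
-- Added example: run on each replica. One result set of everything the
-- AG wizard may have left owned by, or granted to, an individual login.

-- 1. Mirroring/AG endpoints not owned by sa
SELECT N'ENDPOINT OWNER'            AS finding,
       e.name                       AS object_name,
       SUSER_SNAME(sp.sid)          AS principal_name
FROM sys.database_mirroring_endpoints AS e
INNER JOIN sys.server_principals AS sp
        ON sp.principal_id = e.principal_id
WHERE sp.sid <> 0x01

UNION ALL

-- 2. Availability groups whose local replica is not owned by sa
SELECT N'AVAILABILITY GROUP OWNER',
       ag.name,
       SUSER_SNAME(ar.owner_sid)
FROM sys.availability_replicas AS ar
INNER JOIN sys.availability_groups AS ag
        ON ag.group_id = ar.group_id
WHERE ar.replica_server_name = SERVERPROPERTY('ServerName')
  AND ar.owner_sid <> 0x01

UNION ALL

-- 3. Databases not owned by sa (NULL principal_name = owner login no longer exists)
SELECT N'DATABASE OWNER',
       d.name,
       SUSER_SNAME(d.owner_sid)
FROM sys.databases AS d
WHERE d.owner_sid <> 0x01

UNION ALL

-- 4. Individual Windows logins (type 'U'); candidates for DROP LOGIN when
--    access is meant to come from a Windows group (type 'G') instead
SELECT N'INDIVIDUAL WINDOWS LOGIN',
       sp.name,
       SUSER_SNAME(sp.sid)
FROM sys.server_principals AS sp
WHERE sp.type = 'U'
  AND sp.name NOT LIKE N'NT SERVICE\%'
  AND sp.name NOT LIKE N'NT AUTHORITY\%'
ORDER BY finding, object_name ;
```

An empty result on every replica means none of the four items remain tied to an individual login.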