Answered SPWeb.SiteUser collection cleanup

  • Wednesday, October 26, 2011 8:37 PM
     
     

    Will any timer job remove AD users from the SiteUsers collection when they are removed from ADU&C?

    Currently ran into an issue where the EnsureUser method validated a user because they existed in the SiteUser collection, but not in Active Directory anymore.  After removing them from the web site, the EnsureUser method threw an exception indicating they were not found, which was the intended result.

    How to find all of the deleted AD users in the SiteUsers collection?


    • Edited by MULTISY Wednesday, October 26, 2011 8:38 PM Typo

Answers

  • Wednesday, October 26, 2011 10:36 PM
     
     Answered

    Hi,

    Users that were added to a Site Collection stay in the Site Collection until you manually delete them. You need to consider that if you remove a user from a site collection and another user changes a document that was added by this user, Created by / Modified by won't find a valid user to display.

    Person / Group fields in SharePoint are, from a technical point of view, lookups against the User Information List.

    You can delete them, but it doesn't make a difference if a user is still in SharePoint or not. When the user is disabled or deleted from a site collection they won't have access in SharePoint anyway.

    You need to manually check if a user exists in Active Directory, but there is no timer job that will do this for you.

    You should check out Tobias Zimmergren's blog about the User Information List:
    http://www.zimmergren.net/archive/2008/06/25/sharepoints-hidden-user-list-user-information-list.aspx

    There is also a tool which I never tried, but it also deletes orphaned users and alerts. You should always extensively test CodePlex stuff before you try this in a production environment. The source code was made for SharePoint 2007, but with some slight modifications this can work for SharePoint 2010 too.

    http://sharepointwillem.blogspot.com/2010/08/cleanup-orphaned-users-and-alerts.html
    http://landofsharepoint.codeplex.com/

    Kind regards
    Stefan


    http://www.n8d.at/blog
    Follow me on Twitter: StFBauer | n8design
    Microsoft Community Contributor 2011
    MCTS - SharePoint / WSS Configuration and Development

All Replies

  • Thursday, October 27, 2011 1:49 PM
     
     

    Interesting that users are never removed, this is good for Microsoft, because you need a SharePoint CAL for every unique SharePoint user, and those dead AD accounts would still require a CAL.

    Sweet deal for Microsoft.

  • Thursday, October 27, 2011 9:29 PM
     
     

    Because EnsureUser will also use the SiteUsers collection, resulting in false positives for valid AD users, the better way to validate a user is using:

    Microsoft.SharePoint.Utilities.SPUtility.ResolvePrincipal function.

    If the user is no longer a valid AD user, the function will return null.

    Hope this helps. 
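
An added example, not code from the thread or from any of the posters: a read-only audit that lists SiteUsers entries which no longer resolve against Active Directory, relying on the behaviour described in the reply above (ResolvePrincipal returning null for an account that is gone). It assumes the SharePoint 2010 Management Shell on a farm server and classic-mode Windows authentication; the site URL, report path and the function name `Get-OrphanedSiteUser` are placeholders.

```powershell
# Added example, not from the thread. Read-only: it reports and never deletes.
# Assumptions: SharePoint 2010 Management Shell on a farm server, classic-mode
# Windows authentication (DOMAIN\user logins), placeholder URL and report path.
param(
    [string]$SiteUrl    = "http://sharepoint.example.local/sites/team",  # placeholder
    [string]$ReportPath = ".\orphaned-siteusers.csv"                     # placeholder
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-OrphanedSiteUser {
    param($Web)  # a Microsoft.SharePoint.SPWeb object

    $userType = [Microsoft.SharePoint.Utilities.SPPrincipalType]::User
    $adSource = [Microsoft.SharePoint.Utilities.SPPrincipalSource]::Windows

    foreach ($user in $Web.SiteUsers) {
        $login = $user.LoginName

        # Only individual DOMAIN\user accounts are checked; AD groups,
        # built-in principals and claims-encoded logins are skipped.
        if ($user.IsDomainGroup) { continue }
        if ($login -notmatch '^[^\\|]+\\[^\\]+$') { continue }
        if ($login -like 'NT AUTHORITY\*' -or $login -like 'SHAREPOINT\*') { continue }

        # Ask the Windows (AD) source only, so an existing SiteUsers entry
        # cannot make the lookup succeed as the thread reports for EnsureUser.
        $info = [Microsoft.SharePoint.Utilities.SPUtility]::ResolvePrincipal($Web, $login, $userType, $adSource, $null, $false)

        if ($null -eq $info) {
            New-Object PSObject -Property @{
                Id = $user.ID; LoginName = $login
                DisplayName = $user.Name; Email = $user.Email
            }
        }
    }
}

$site = Get-SPSite $SiteUrl
try {
    # SiteUsers is scoped to the site collection, so the root web is enough.
    $orphans = @(Get-OrphanedSiteUser -Web $site.RootWeb)
    $orphans | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Host ("{0} SiteUsers entries did not resolve in AD" -f $orphans.Count)
}
finally {
    $site.Dispose()
}
```

The report is a starting point for access review; an unreachable domain controller or an untrusted domain also produces unresolved entries, so confirm each row against the directory before acting on it.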

  • Thursday, October 27, 2011 9:59 PM
     
     
    Users should never be removed from the User Information List, only marked as deleted (which is what happens when a user is removed through the Site Collection Admin UI).
    http://sharepoint.nauplius.net