locked
AD Deleted Accounts not synchroise with User Information List RRS feed

  • Question

  • Hi,

             pls help me. In my sharepoint User Information List there are some user which is not found in AD but it reside in UIL. I have run all services and releated service applications to synchronise. But the think is the Deleted user has been removed from the User profiles but not in UIL. Can any one pls help. it's very urgent.



    Wednesday, October 16, 2013 5:30 AM

Answers

  • Yes, that is to be expected.  The UIL is not a source of truth -- that would be Active Directory.  You could develop your own solution that automatically looked for, compared, and potentially pruned users from the UIL who did not reside in Active Directory (Metalogix ControlPoint will also do this).

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Manikandan J Thursday, October 17, 2013 6:17 AM
    Thursday, October 17, 2013 5:57 AM

All replies

  • I was wondering about this too... if a user is deleted from AD - the UPS application has synced, and removed the user from the User Profile DB, and its associated mysite site - but the (deleted) account is still visible as a member of sharepoint groups within a site collection. I figured this is by design because of auditing etc... - it needs some user metadata for any files a user has created/modified etc... but I was questioned about this yesterday and was trying to find a firm answer in the form of a technet article... I've found nothing yet. sub'd.

    Wednesday, October 16, 2013 5:51 AM
  • This is standard behavior.  Users deleted from AD are not automatically deleted form Site Collections (UIL).  In addition, when a user is deleted from a Site Collection, they're just marked as deleted in the UIL, the entry in the UserInfo table is never removed for referential integrity.

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by DubaStep Wednesday, October 16, 2013 5:55 PM
    Wednesday, October 16, 2013 6:08 AM
  • Dear Trevor,

                      Thank you for your reply. I have one more query. I have many deleted users resides in Sharepoint UIL, i need to list only the active users from the UIL. is there any code available to list only the active and ignoring all inactive and deleted users from UIL?

    Manikandan


    • Edited by Manikandan J Wednesday, October 16, 2013 9:27 AM
    • Proposed as answer by Tarek Yehia Thursday, October 17, 2013 5:03 AM
    Wednesday, October 16, 2013 9:27 AM
  • The list contains two boolean properties, Hidden and Deleted.  

    I have the same issue, and it would seem like Deleted is the one to use when filtering the data.  However I haven't been able to get this value to update as yet.  I have deleted a user from AD, removed them from all the groups in the site collection.  Ran the profile sync 3 times.  The deleted property has remained false.

    I'll check again tomorrow.

    Wednesday, October 16, 2013 10:32 AM
  • Tim Wheeler,

                         I too check with the Deleted and isActive field in UIL to filter inactive Accounts. but the Account already deleted in AD does not changed in UIL, i mean the value for Deleted as false and IsActive is true for deleted AD account. So dont know to get the Active Account from UIL.pls help.

    Manikandan


    • Edited by Manikandan J Wednesday, October 16, 2013 10:40 AM
    Wednesday, October 16, 2013 10:39 AM
  • The list contains two boolean properties, Hidden and Deleted.  

    I have the same issue, and it would seem like Deleted is the one to use when filtering the data.  However I haven't been able to get this value to update as yet.  I have deleted a user from AD, removed them from all the groups in the site collection.  Ran the profile sync 3 times.  The deleted property has remained false.

    I'll check again tomorrow.

    The UPA/Sync has nothing to do with Site Collections.  You must manually delete the user from the Site Collection to have them marked as deleted.

    Manikandan, any SPUser object on the Site Collection is 'active', it will not surface deleted users.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, October 16, 2013 2:52 PM
  • What is it you are trying to accomplish with this list of users?  Maybe there is a better way.
    Wednesday, October 16, 2013 6:00 PM
  • Dear Dubastep,

                           let me know the ways of getting the active accounts in site collection.

    Manikandan


    Thursday, October 17, 2013 4:13 AM
  • Dear Dubastep,

                           let me know the ways of getting the active accounts in site collection.

    Manikandan


    Simply run:

    $site = Get-SPSite http://siteUrl
    $site.RootWeb.SiteUsers

    That will output current, active users.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, October 17, 2013 5:30 AM
  • Dear Nauplius,

                        Thank you for your replies. In my environment I have many users in the site collection some of the user already removed from AD but it still remains on the UIL (User Information List) so i could not use UIL for Active User Enumeration and also i have checked with the following code

    using (SPSite site = new SPSite(ParentSite)
                        {                        SPUserCollection alluser = site.RootWeb.SiteUsers;
                                                    foreach (SPUser userval in alluser)
                            {                  }

                          }

    The output of the above list also giving the user which has been already deleted in AD. I could not make any manual check and remove each user in Site collection which has deleted. So i want only Active accounts list and ignore all deleted accounts in AD. Pls Help.

    Manikandan



    Thursday, October 17, 2013 5:56 AM
  • Yes, that is to be expected.  The UIL is not a source of truth -- that would be Active Directory.  You could develop your own solution that automatically looked for, compared, and potentially pruned users from the UIL who did not reside in Active Directory (Metalogix ControlPoint will also do this).

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by Manikandan J Thursday, October 17, 2013 6:17 AM
    Thursday, October 17, 2013 5:57 AM
  • Dear Nauplius,

                           Many Thanks. I will check that tool.


    If my answer solve your problem,Please click "Mark As Answer" on that post and "Mark as Helpful". Manikandan

    Thursday, October 17, 2013 6:16 AM
  • So the command Trevor gave you will give you all users.  You can use PowerShell to pipe that output to a text file.  Then simply paste the contents into people picker or an AD window and click resolve.  It will only resolve the valid users.  You would have to manually remove the invalid users, but then you would have the list of users you are looking for.  You could probably also have PowerShell do this with if/else scenario, but that is a bit beyond my PowerShell at a glance knowledge.
    Thursday, October 17, 2013 2:31 PM
  • Dear Dubastep,

                          Thank your for your reply. Yes you are right. I have to connect with AD and get all the Inactive Accounts like Disabled and Deleted and than check the list with User Information List if any available than i have to delete those accounts from the UIL. 

    Manikandan



    Friday, October 18, 2013 4:27 AM