locked
User Profile Sync Issue with AD RRS feed

  • Question

  • Hi,

    We are seeing disabled AD users in SharePoint even though we have connection filters.

    extensionAttribute3 Does not equal 1

    userAccountControl  Bit on equals 2

    Once user has been disabled in AD after running user profile sync job it has to be queued for deletion.For some reason this is not happening.I have also tried deleting the user manually from user profile and if I run the profile job user is importing back in to sharepoint even though they are disable in AD.

    Due this we are seeing disabled ad users in our ORG Chart.Please help me on this issue.

    Thank You


    • Edited by Vij-SP2010 Monday, June 22, 2015 6:51 PM
    Monday, June 22, 2015 6:32 PM

Answers

  • Did you create the connection filter with an AND or an OR?  The UserAccountControl setting of 2 is correct, but the extensionAttribute3 does not equal 1 I don't recognize.  The default is to use AND so if it was created that way then you are only filtering users where both of those are true and that may miss a lot of disabled users.  Check the following article for a more in depth discussion of the importance of AND vs OR.

    http://www.harbar.net/archive/2011/02/22/323.aspx


    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked as answer by Vij-SP2010 Thursday, June 25, 2015 7:06 PM
    Monday, June 22, 2015 9:47 PM