Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Remove ex-employee Sharepoint Access

  Asked By: Tracey    Date: Oct 09    Category: Sharepoint    Views: 4585

Does anyone know of a way to have disabled accounts automatically
removed from Sharepoint groups? Or at least something that will tell
me everwhere in Sharepoint that a person has access so I can manually
remove it?

Share: 

 

8 Answers Found

 
Answer #1    Answered By: Candis Kinney     Answered On: Oct 09

DeliverPoint does this.............

 
Answer #2    Answered By: Cora Bradshaw     Answered On: Oct 09

I did find a powershell script in case anyone is
interested but it looks like it works off a site collection which may
be an issue because we have several of them.... But here is the URL if
anyone is interested.

www.powershell.nu/.../remove-sharepoint-users-programmatically-par\
t-2/

 
Answer #3    Answered By: Shushma Zariwala     Answered On: Oct 09

They should be removed after the tird 'no-show' in the Active
Directory import process. But also try using /_layouts/siteusrs.aspx
to delete any remnants.

 
Answer #4    Answered By: Bahadur Kotoky     Answered On: Oct 09

A "no-show" meaning the account was deleted? We have a policy that we
don't ever delete accounts, maybe I could deny the farm admin's
account access  to the container we move disabled  accounts to... But
this should remove  their site permissions?

 
Answer #5    Answered By: Jeremey Avery     Answered On: Oct 09

If you have disabled  the account in AD you don't actually need to remove  their
site permissions. The disabled account in AD means that they won't be able to
authenticate to the system. Without authenticating their site permissions don't
actually mean anything. However, if you are just trying to clean-up there is no
automated way to do it. You can manually delete them from each site collection
by navigating to groups  > All People and deleting them from the All People's
group. This will also remove any individual user permissions or SharePoint
group memberships for that user. It will not remove them from any AD groups
that have rights to SharePoint.

There is however a downside to removing them from this list. If the user
uploaded any documents or created any list items they will still be referenced
in the metadata of the item. But their profile will no longer be available if
you click on them in any of those records.

 
Answer #6    Answered By: Mariel Ferrell     Answered On: Oct 09

Have you tried a filter on your import? The below filter does not import Deleted
accounts:
(&(objectCategory=person)(objectClass=user)(
!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Maybe you can change the (!...) part to exlude the 'container' for the disabled
accounts.

 
Answer #7    Answered By: Santana Osborn     Answered On: Oct 09

'disabled'accounts......................

 
Answer #8    Answered By: David Brown     Answered On: Oct 09

I think this will work perfect. I will try changing the filter.

 
Didn't find what you were looking for? Find more on Remove ex-employee Sharepoint Access Or get search suggestion and latest updates.




Tagged: