Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

User Management

  Asked By: Josue    Date: Mar 20    Category: Sharepoint    Views: 925

We have a SPS Portal and a good number of WSS Sites. We have about 450
Active Directory Users accessing this SPS Portal and the corresponding
WSS Sites.

I have just opened an existing WSS Site and clicked "Manage Users",
incidently, I was able to notice that there are 650 users in the site,
where as the Active Directory has only 450 Users. I just did a quick
search and noticed that the users who have left the job or transfered
to different office locations have been deleted/disabled from the
Active Directory, however they are still existing in the site.

Is there any setting that if the user is deleted/disabled from Active
Directory, then he/she will be deleted from all the WSS sites

My previous question to this forum was not answered, I donot know if
that question is a simple/hard. I would appreciate if anyone can help
me with any URL/documentation



9 Answers Found

Answer #1    Answered By: Trinity Scott     Answered On: Mar 20

We have similar issues. As far as I know there is not a tool that looks at the Active Directory and will make changes to the SharePoint environment. If the user  is removed from AD, they would not be able to access the SharePoint platform since the system makes numerous validations. One tool you may want to look at is iDev Factory SharePoint Manager - it has a feature that allows you to audit an individual and locate everywhere he/she is validated. You can either remove the user or you can swap the user with another validated person (in the case where the individual is replaced). They offer a 30-day trial if you want to check it out.

Answer #2    Answered By: Constance Guerrero     Answered On: Mar 20

When you go to Manage Profile Database and click on View user  Profiles, what do you see? Do you see all 650 users? Do see a difference in
Total number  of user profiles: xxx
Number of active user profiles: xxx

Is ther anyone listed when you click on Missing from import?

Have you configured your import connection via
Army Training Support Center Portal > Site Settings > Manage Profile Database > Configure Profile Import > Manage Connections
Edit Connection and configured the User filter to not import inactive accounts [ (&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2))) ]

Account normally get deleted from the profile database after they do not show up in an import three times.

Answer #3    Answered By: Chandrabhan Konwar     Answered On: Mar 20

I think this must be a misunderstanding on my part so apologies if this
is a stupid question. Apart from manual processes is there any user
management facilities in MOSS 2007? What I mean by that is: What happens
if someone who has access to a number  of sites, is a member of several
groups and has a "MySite" leaves the organisation? In our case their
account is first disabled and subsequently deleted from Active Directory
but will anything happen as a result in MOSS or does someone have to
work through every site, list and group to manually delete them. I can't
believe that is the case as it would be impossible to manage  in anything
other than very small organisations so it must be something I don't
understand? Does anyone have any suggestions about this?

Answer #4    Answered By: Tina Owens     Answered On: Mar 20

You aren't really missing anything, but you need to consider what really
needs to happen in SharePoint.

As soon as you deactivate the user  in AD the SharePoint User can no
longer be used to login or access anything. At this point that User's
profile is only really used in SharePoint for maintaining legacy
metadata. You really shouldn't delete them from SharePoint or things
like documents that they created or modified will no longer have a valid
user entry associated with them. You want to maintain that metadata.
You just don't want anyone using the account to login and have access to

Having said all that there is a 3rd party tool that you may want to look
at which adds some of these centralized user management  capabilities.
Take a look at DeliverPoint by Barracuda. I should point out that
Barracuda is owned by the same people that I work for. But its still a
great product

http://www.barracuda.net <http://www.barracuda.net>

Answer #5    Answered By: Tiana Whitaker     Answered On: Mar 20

That is a very helpful answer and it has put my mind at rest. I am only
doing a small pilot now but it is likely to form the basis of something
that will be rolled out to around 20,000 users. I was getting a bit
worried about the user  management side of things but I should have
realised that deleting users  from SharePoint is not necessarily a good
thing. I knew I could use AD groups but they don't show as much as
either having individual users or SharePoint groups assigned to sites. I
think the list of individual users looks nicer.

Answer #6    Answered By: Alice Chandler     Answered On: Mar 20

An additional thought, we created an InfoPath workflow for when an
employee new-hire & terminations. It includes HR, Accounting,
IT/Telco (etc), to help track users.

Answer #7    Answered By: Lynette Sawyer     Answered On: Mar 20

To continue this thread, what happens to the old user  profile? Say you
have Joe Employee, who actively works in MOSS and then leaves the
company. His account is removed from AD, but his user profile remains in
SharePoint and comes up in people search. If you blow away his old user
profile, what does that do to the still valid content he created and its
associated metadata?

To complicate the question further, say Joe Employee comes back after
discovering that the grass is, indeed, not greener out there. Since he
left, however, your company has changed the underlying domain
infrastructure and his login is different. This now creates a second
profile, which exists in parallel to the first profile. All of Joe's old
content is under his old AD association, but anything new is under his
new AD login. To SharePoint, the first Joe is an entirely different
person than the second Joe. How would you suggest cleaning up this mess?

Answer #8    Answered By: Shelton Dickson     Answered On: Mar 20

I did some experiments after I e-mailed the original query and it seems
that some tidying up is done anyway. Perhaps it was something else but
what I did was as follows.

1. Created a test user  (xyzzy) in AD.

2. Did a full profile import so that xyzzy appears and has a

3. Deleted xyzzy from AD.

4. Did a full import and xyzzy is still there including their

5. Repeated the full import a few more times (it only takes me
around 2 mins) and his profile and his mysite are gone. I did this
because I read somewhere that something happens to users  that are
missing for three consecutive imports.

It looked good  except that the account is still in SharePoint though and
appears in various places. As Paul says it is perhaps for a reason that
people remain in SharePoint. Since then I have checked on some real
people that have left and sure enough their profile and MySite goes away
as well. However, I am no expert on SharePoint (or anything else for
that matter) so I could have got it wrong somewhere. Perhaps it was just
a fluke but the real people seem to be getting deleted without me doing
anything so there is some cleanup taking place.

Answer #9    Answered By: Gretchen Stokes     Answered On: Mar 20

You are both correct. The Profile and MySite will go away after several
full imports find it missing in AD. But Katherine's question is also
correct. Because if the person comes back to the company and a NEW AD
account is created they will get a new profile and MySite. They also
will appear as a new user  instead of the original user.

Having said that, Barracuda (a sister company to Mindsharp) is adding
the capability to synchronize the new account with the old account to
the next version of DeliverPoint. Right now I don't think there is a
fix for the problem.

Didn't find what you were looking for? Find more on User Management Or get search suggestion and latest updates.