SharePoint Active Directory Import

    Question

  • I am using SharePoint 2016 on-premises and I am also using the SharePoint Active Directory Import for user profiles. I am seeing disabled users that still show up in the user profiles, but according to MS "The AD import option doesn't remove users when "Filter out disabled users" is selected. This is by design..." Why by design?
    Friday, June 02, 2017 4:12 PM

All replies

  • Since we are not using FIM for synchronization, there is nothing to look into in the Sync DB. Everything happens within the Profile DB. A full import will detect that the user is not getting imported and mark the field ‘IsImported’ as 0 in the DNLookup table in the Profile DB for the affected user.

    https://blogs.msdn.microsoft.com/spses/2014/04/13/sharepoint-2013-adimport-is-not-cleaning-up-user-profiles-in-sharepoint-whose-ad-accounts-are-disabled/



    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem.

    Thanks - Waqas Sarwar (MVP), Blog: http://krossfarm.com

    Friday, June 02, 2017 5:27 PM
    Moderator
  • Just but the next sentence says "However it still does not set bdeleted to 1 in UserProfile_Full table which is needed for MySiteCleanUp Job to delete the profile and finally Personal Site", so it still doesn't do it.
    Friday, June 02, 2017 8:48 PM
  • The bottom line is it sounds like AD Import does not meet your needs, hence you should look into deploying MIM.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, June 02, 2017 9:12 PM
    Moderator
  • Hi,

    Please try to do as follows:

    1. Run the PowerShell script below:

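    # List the service applications to find the identity of the User Profile Service Application
    Get-SPServiceApplication
    $upa = Get-SPServiceApplication <identity>
    # Report the profiles that did not come from the import
    Set-SPProfileServiceApplication $upa -GetNonImportedObjects $true
    # Mark those non-imported profiles for deletion
    Set-SPProfileServiceApplication $upa -PurgeNonImportedObjects $true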

    2. Change the filter to include "isDeleted":

    (|(isDeleted=TRUE)(&(objectCategory=person)(objectClass=user)(!(title=*Service Account*))(|(company=MyCompany1)(company=MyCompany2))))

    https://mwiedemeyer.de/blog/post/sharepoint-2013-profile-synchronization-does-not-delete-user-profiles

    Best Regards,

    Dennis



    Monday, June 05, 2017 6:02 AM
    Moderator
  • From what I am reading, the purge objects command has nothing to do with disabled/deleted users from AD. It only applies to profiles created for users that are NOT imported from AD, e.g. a user that exists in an OU that is NOT selected in the UPA. If this user accesses an SP site, it will have a "NonImported" profile created. And that is the type of profile that the purge commands will find and remove.

    Joshua Fuente

    Wednesday, January 03, 2018 9:01 PM
  • Purge will also apply to users no longer within the scope of the UPSA connections, e.g. users who have been deleted or moved outside of a synchronized OU.

    Trevor Seward


    Wednesday, January 03, 2018 9:10 PM
    Moderator
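
The following is an added example, not code from any participant in this thread: a report-only audit that lists user profiles whose AD account is disabled or no longer exists, so stale profiles can be reviewed regardless of how the import handles them. It assumes a single AD domain, the RSAT ActiveDirectory module, and a SharePoint Management Shell run by an account with Full Control on the User Profile Service Application; `$SiteUrl` is a placeholder.

```powershell
# Added example: report-only audit, changes nothing in AD or in the profile store.
# Assumptions (not from the thread): single AD domain, ActiveDirectory module installed,
# caller has Full Control on the User Profile Service Application.
# $SiteUrl is a placeholder for any site collection bound to that service application.
param([string]$SiteUrl = 'https://sharepoint.example.local')

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$site    = Get-SPSite $SiteUrl
$context = Get-SPServiceContext $site
$upm     = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

$stale    = @()
$profiles = $upm.GetEnumerator()
while ($profiles.MoveNext()) {
    $account = [string]$profiles.Current['AccountName'].Value
    # Drop a claims prefix (i:0#.w|) and the DOMAIN\ part to get the sAMAccountName
    $sam = ($account -split '\|')[-1] -replace '^.*\\', ''
    if (-not $sam) { continue }

    try {
        $adUser = Get-ADUser -Identity $sam -ErrorAction Stop
        $state  = if ($adUser.Enabled) { 'Enabled' } else { 'Disabled' }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $state = 'NotFound'
    }

    if ($state -ne 'Enabled') {
        $stale += [pscustomobject]@{ Account = $account; AdState = $state }
    }
}
$site.Dispose()

$stale | Sort-Object AdState, Account | Format-Table -AutoSize
"{0} profile(s) map to disabled or missing AD accounts" -f $stale.Count
```

Entries reported as `NotFound` can include local or system accounts and accounts from other domains, so review the list before acting on it.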