User Profiles & User Information List Question: Deleting Users

  • Question

  • In 2007, we have a forms based authentication setup which checks the user's last login date (inactive user) and deletes their ID from our database and site information list.

    In 2010, we're moving to a Claims Based SAML system which doesn't use FBA.

    We'd like to delete the user based on their last login date, which is a custom property we've added to their profile in the user profile service. When I delete the user's profile, and the User Profile to SharePoint Synchronization timer job runs, the users are not removed from the site user information lists.

    Is there any way to have users deleted from multiple SharePoint sites when their profile is deleted from the profile service?


    Jeff Scroggin
    Monday, November 29, 2010 10:53 PM

Answers

  • The User Information List is separate from the User Profiles and can only be deleted manually (or via code), and it has to be done for each site collection. I would recommend writing a console program and running it as a job to clean up the various user information lists. For example, create a list that contains the login name of the user to be deleted, and when the job runs it would delete the user from all the various site collections (these could be in a list as well) and then delete the user from the list.
    Hope that helps,
    SharePointNinja

    • Marked as answer by Lily Wu Thursday, December 9, 2010 9:38 AM
    Tuesday, November 30, 2010 6:02 AM
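The clean-up job SharePointNinja describes, written as an added example for SharePoint 2010 (not code from this thread): login names to remove are read from a text file, and each one is removed from the User Information List of every site collection in the farm. The file path is a constructed placeholder, and the names are assumed to be in the exact form the web application stores them (for claims sites that is the claims-encoded form, e.g. "i:05.t|<trusted provider>|<identity claim value>" for a SAML provider).

```powershell
param(
    [string]$LoginNameFile = "C:\Jobs\UsersToRemove.txt",  # constructed path, one login name per line
    [switch]$ReportOnly                                      # list matches without removing anything
)

# Load the SharePoint 2010 cmdlets when run outside the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Ignore blank and commented lines so a stray line never targets the wrong account.
$loginNames = Get-Content $LoginNameFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith("#") }
if (-not $loginNames) { Write-Host "No login names to process"; return }

$removed = 0
foreach ($webApp in Get-SPWebApplication) {
    foreach ($site in $webApp.Sites) {
        try {
            $web = $site.RootWeb
            foreach ($loginName in $loginNames) {
                # Get-SPUser errors when the account is not in this site collection's list; treat that as "nothing to do".
                $user = Get-SPUser -Web $web -Identity $loginName -ErrorAction SilentlyContinue
                if ($user -eq $null) { continue }
                if ($user.IsSiteAdmin) {
                    Write-Host "SKIP    $loginName is a site collection administrator of $($site.Url)"
                    continue
                }
                if ($ReportOnly) {
                    Write-Host "FOUND   $loginName in $($site.Url)"
                } else {
                    Remove-SPUser -Identity $user -Web $web -Confirm:$false
                    Write-Host "REMOVED $loginName from $($site.Url)"
                    $removed++
                }
            }
        }
        finally {
            $site.Dispose()   # SPSite objects obtained from the object model must be disposed explicitly
        }
    }
}
Write-Host "$removed user entries removed"
```

Run it once with -ReportOnly to confirm the list resolves to the intended accounts before scheduling it as an unattended job.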

All replies

  • That's what I needed to know. Thanks!
    Jeff Scroggin
    Tuesday, November 30, 2010 3:36 PM
  • Try this PowerShell script, which will check the users against AD and remove them if they don't exist in AD:

    [int]$GLOBAL:TotalUsersUpdated = 0;
     
    function Check_User_In_ActiveDirectory([string]$LoginName, [string]$domaincnx)
    {
        $returnValue = $false
        # Escape LDAP filter metacharacters (RFC 4515) so an unusual account name
        # cannot change the meaning of the filter
        $safeName = $LoginName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
        $strFilter = "(&(|(objectCategory=user)(objectCategory=group))(samAccountName=$safeName))"
        $objDomain = New-Object System.DirectoryServices.DirectoryEntry($domaincnx)
     
        $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
        $objSearcher.SearchRoot = $objDomain
        $objSearcher.PageSize = 1000
        $objSearcher.Filter = $strFilter
        $objSearcher.SearchScope = "Subtree"
     
        $colResults = $objSearcher.FindAll()
     
        if($colResults.Count -gt 0)
        {
            $returnValue = $true
        }
     
        # SearchResultCollection holds unmanaged resources; release them
        $colResults.Dispose()
        $objSearcher.Dispose()
        $objDomain.Dispose()
        return $returnValue
    }
     
    function ListOrphanedUsers([string]$SiteCollectionURL, [string]$mydomaincnx)
    {
        [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
        $site = new-object Microsoft.SharePoint.SPSite($SiteCollectionURL)
        $web = $site.openweb()
     
        Write-Host "SiteCollectionURL:", $SiteCollectionURL
     
        $siteCollUsers = $web.SiteUsers
        Write-host "SiteUsers:", $siteCollUsers.Count
        
        #Create array to hold non-existant users
        $usersToRemove = @()
     
        foreach($MyUser in $siteCollUsers)
        {
            if(($MyUser.LoginName.ToLower() -ne "sharepoint\system") -and 
                ($MyUser.LoginName.ToLower() -ne "nt authority\authenticated users") -and 
                ($MyUser.LoginName.ToLower() -ne "nt authority\local service"))
            {
                $UserName = $MyUser.LoginName.ToLower()
                $Tablename = $UserName.split("\")
                
                # Only DOMAIN\account names can be checked against AD; any other form
                # (e.g. a SAML claims identity) would match nothing and be removed by mistake
                if($Tablename.Count -ne 2)
                {
                    Write-Host "Skipping", $MyUser.LoginName, "(not a domain account)"
                    continue
                }
                
                $returncheck = Check_User_In_ActiveDirectory $Tablename[1] $mydomaincnx 
                if($returncheck -eq $False)
                {
                    Write-Host "User does not exist", $MyUser.LoginName, "on domain"
                    $usersToRemove = $usersToRemove + $MyUser.LoginName
                    $GLOBAL:TotalUsersUpdated += 1;
                }
            }
        }
        
        foreach($u in $usersToRemove)
        {
            Write-Host "Removing", $u, "from site collection", $SiteCollectionURL
            try
            {
                $siteCollUsers.Remove($u)
            }
            catch
            {
                # A failure for one account must not abort the run for the rest
                Write-Host "Could not remove", $u, ":", $_.Exception.Message
            }
        }
     
        $web.Dispose()
        $site.Dispose()
    }
     
    function ListOrphanedUsersForAllColl([string]$WebAppURL, [string]$DomainCNX)
    {
        [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
     
        $Thesite = new-object Microsoft.SharePoint.SPSite($WebAppURL)
        $oApp = $Thesite.WebApplication
        Write-host "Total Site Collections:", $oApp.Sites.Count
     
        $i = 0
        foreach ($Sites in $oApp.Sites)
        {
            $i = $i + 1
            Write-Host "---------------------------------------"
            Write-host "Collection Number", $i, "of", $oApp.Sites.Count
     
            $mySubweb = $Sites.RootWeb
            $TempRelativeURL = $mySubweb.Url
            ListOrphanedUsers $TempRelativeURL $DomainCNX
     
            # Every SPSite handed out by the enumerator must be disposed
            $Sites.Dispose()
        }
     
        $Thesite.Dispose()
        Write-Host "======================================="
     
    }
     
    function EnumerateAllSiteColl()
    {
        # Get-SPWebApplication needs the Microsoft.SharePoint.PowerShell snap-in,
        # which the SharePoint 2010 Management Shell loads by default
        foreach($webapp in Get-SPWebApplication)
        {
            Write-Host "Web Application:", $webapp.DisplayName
            # Replace the LDAP path with the naming context of your own domain
            ListOrphanedUsersForAllColl $webapp.Url "LDAP://DC=DEV,DC=local"
            Write-Host
        }
    }
     
    function StartProcess()
    {
        cls
     
        $sw = New-Object System.Diagnostics.Stopwatch
        $sw.Start()
     
        EnumerateAllSiteColl
     
        $sw.Stop()
     
        write-host "***************************"
        write-host $GLOBAL:TotalUsersUpdated, "users removed in", $sw.Elapsed.ToString()
        write-host "***************************"
    }
     
    StartProcess

    Thursday, July 18, 2013 3:08 AM
  • This is a long shot, but I'm trying to use the above PowerShell script and I'm not well versed in PowerShell. I'm getting the "AuthorizationManager check failed" error and I cannot figure out why. The execution policy is set to remote signed and it doesn't look like the code is using PowerShell profiles. Additionally the WMI service is running and I tried restarting it. Are there obvious dependencies in the code that I'm just not seeing that could cause that error?

    Thank you.

    Thursday, February 5, 2015 3:39 PM