locked
People Picker issue for the disabled account from AD RRS feed

  • Question

  • Hello All,

    I am currently having some issue in my SharePoint 2010. Really worried, i have recently few users where they present in Domain A and Domain B in Active Directory.

    I have disabled all the users from Domain A in the AD. When i try to view the users from PeoplePicker of SharePoint.

    It is displaying the both the active and disabled users. Can someone suggest me, how to resolve the issue by displaying only the active users of the Domain.

    Note : 1. In the Central Administration, i have checked for the connection filters configuration. The exclusion filter is applied UAC bits equal to 2.

                2. Checked from FIM end too. It is confirmed that Domain A user is disabled.

    Saturday, March 2, 2013 6:31 AM

Answers

  • Hi Megan_Fox .....

    Based on my memory in MOSS, People Picker looks up user with the following order:

    1. Content Database
    2. Active Directory

    Assuming a user from Domain B (DomainB\user1) was previously added in the SharePoint site collection (siteA), an entry would have been created in content database's USERINFO table. Even if you disabled DomainB\user1's user account, People Picker can still find/recognizes it based on the entry in the content DB.

    One way to verify that disabled user account is really disabled is to create a new site collection, and test your people picker from the new site collection. The prediction is that DomainB/user1 should not show up/be recognized from people picker in the new site collection.

    Once the above is confirmed, what you need to do is to remove user from the site collection. People Picker custom filter is not gonna help you much in this case. Think through before you decide to pursuit with this option. For example, if DomainB\user1 has added/modified any list item or documents in the site, then when other users click on the link on DomainB\user1 in the "Created By" or "Modified By" column, SharePoint would throw an error.

     


    Allen Wang | MCITP, MCTS | Blog: http://blogs.msdn.com/allenwang


    • Edited by AllenWang Saturday, March 2, 2013 1:14 PM
    • Marked as answer by Jack-Gao Wednesday, March 6, 2013 10:41 AM
    Saturday, March 2, 2013 1:13 PM

All replies

  • Peoplepicker and UPS is individual, what you need to do is making a peoplepicker custom filter:

    http://www.sharepointdiary.com/2012/04/people-picker-dont-show-me-accounts.html

    Saturday, March 2, 2013 12:12 PM
  • Hi Megan_Fox .....

    Based on my memory in MOSS, People Picker looks up user with the following order:

    1. Content Database
    2. Active Directory

    Assuming a user from Domain B (DomainB\user1) was previously added in the SharePoint site collection (siteA), an entry would have been created in content database's USERINFO table. Even if you disabled DomainB\user1's user account, People Picker can still find/recognizes it based on the entry in the content DB.

    One way to verify that disabled user account is really disabled is to create a new site collection, and test your people picker from the new site collection. The prediction is that DomainB/user1 should not show up/be recognized from people picker in the new site collection.

    Once the above is confirmed, what you need to do is to remove user from the site collection. People Picker custom filter is not gonna help you much in this case. Think through before you decide to pursuit with this option. For example, if DomainB\user1 has added/modified any list item or documents in the site, then when other users click on the link on DomainB\user1 in the "Created By" or "Modified By" column, SharePoint would throw an error.

     


    Allen Wang | MCITP, MCTS | Blog: http://blogs.msdn.com/allenwang


    • Edited by AllenWang Saturday, March 2, 2013 1:14 PM
    • Marked as answer by Jack-Gao Wednesday, March 6, 2013 10:41 AM
    Saturday, March 2, 2013 1:13 PM