none
User profiles cleanup problem - bdeleted does not change to 1

    Question

  • Hello,

    In my environment there is UPSA, Active Directory connection created and profiles already imported. When I deleted one of imported account in Active Directory and run UPA Full Sync the account was not removed from SharePoint profiles - which is expected behaviour! The problem is that the account is not being marked to be deleted. I checked 'UserProfle_Full' table in UPSA db and recognized that 'bdeleted' did not change to 1.

    The good is that 'IsImported' has changed from 1 to 0 but why 'bDeleted' remained on 0?

    I tried also just disable account in AD and the result was the same (I use LDAP filter (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)) in UPA Sync connection and I'm sure it works correctly).

    My farm version - 16.0.4600.1001 (October 2017 CU installed)

    Has anybody faced this problem or can advise how to troubleshoot it?



    Tuesday, November 7, 2017 12:31 PM

All replies

  • Hi Przlwo,

    AD Import does not delete the disabled accounts automatically in User Profile Service Application.

    To remove obsolete users, run the following PowerShell command:

    # Get the User Profile Service application object
    
    $upa = Get-spserviceapplication <identity>
    
    # Delete the obsolete users and groups
    
    Set-SPProfileServiceApplication $upa -PurgeNonImportedObjects $true


    For more information, read the following blog:

    https://blogs.msdn.microsoft.com/spses/2014/04/13/sharepoint-2013-adimport-is-not-cleaning-up-user-profiles-in-sharepoint-whose-ad-accounts-are-disabled/

    Best Regards,

    Linda Zhang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, November 8, 2017 4:46 AM
    Moderator
  • Hi Linda,

    Thank you for reply.

    I'd like to use functionality of the 'Mysite cleanup job' and as I know the action is taken when 'bdeleted = 1'. Should it be still the case in SP2016 that if Full Sync does not "see" an account in Active Directory any more, bdeleted is setting to 1?


    • Edited by Przlwo Wednesday, November 8, 2017 12:31 PM
    Wednesday, November 8, 2017 12:30 PM
  • The purge command only remove profile that were "never" imported.  It does not remove imported profile disabled or otherwise.

    Joshua Fuente

    Wednesday, January 3, 2018 9:45 PM