locked
Orphaned Users showing up in People Picker RRS feed

  • Question

  • Hi Everyone,

    I migrated our SharePoint 2007 Environment from one Domain to another.  Now there are a few employees that have both their old domain and new domain account displayed in people picker in one site collection only.  I am able to find some of the old accounts in the User Information List of the site collection and delete them, but there are other accounts that I cannot find there to delete. 

    Things I have tried:

    1. Re-ran stsadm -o migrateuser command.
    2. Checked the User Information List for the old domain account.
    3. Ran stsadm -o deleteuser

    Is there anything else that I could check?  The problem is that these accounts can still be added to workflows, which then errors out since the account is invalid. 

    Thanks in advance for any help that you can provide.

    Tuesday, February 21, 2012 9:52 PM

Answers

  • Finally!  I found a way to delete these "stubborn" users who do not show up in the User Information List from showing up in People Picker!  I had to do the unthinkable and "touch" the SQL server by running a SELECT query to find their user id.  Then I used that id in SharePoint to view their profile where I could finally delete the account from the site collection.  Not sure why I didn't think of this before but at least it works for me.

    So here are the steps I took:

    1. In SQL: SELECT * FROM [WSS_Content_DatabaseName].[dbo].[UserInfo] WHERE tp_Login='DOMAIN\username'
    2. Take note of the tp_ID
    3. In IE, go to http://<your sharepoint site collection/_layouts/userdisp.aspx?ID=tp_ID, where tp_ID is the number you found from your select statement.
    4. It should take you to the user's profile where you can click on the Delete User from Site Collection button.

    I hope that helps people who find themselves in the same situation as me.


    • Edited by tyrone888 Wednesday, March 14, 2012 8:09 PM
    • Marked as answer by tyrone888 Wednesday, March 14, 2012 8:12 PM
    Wednesday, March 14, 2012 8:08 PM

All replies

  •  

    Start a full profile import and check if the contentdb is synchronized with SSP db by executing this command

    stsadm -o sync -listolddatabases 1

    In order to make the correlation between IDs and the content database names you need to execute the following query on the SharePoint configuration database:

    select o.id, o.name,* from objects o

    inner join classes c on o.classid = c.id

    where c.fullname like ‘%SPContentDatabase%’

    If the databases is not synchronized you can execute this command:

    stsadm -o sync –deleteolddatabases 1

    Now, you have to wait one hour for the synchronization job to start. One hour is the default value.If you want to change the synchronization job execution to every 5 minutes you can run the following command

    stsadm -o sync –synctiming m:5

    If those actions will not work please let me know


    MCITP|MCTS SharePoint| SharePoint Performance blog

    Wednesday, February 22, 2012 4:34 PM
  • Thanks for the response Bogdan.  I've done a full profile import and ran the "stsadm -o sync -listolddatabases 1" command but nothing shows up.  It says:

    Shared Service Provider SSP
    No databases match the criteria for this Shared Service Provider

    So there is nothing to delete.

    Any other ideas?

    Thursday, February 23, 2012 7:07 PM
  • Hi,

    Yes your results show that the data is in sync.

    I hope this will help you out.


    Thanks, Rahul Rashu

    Thursday, February 23, 2012 7:11 PM
  • Hi Rahul,

    What I was trying to say in my reply is that the problem in my original post still exists.  So although my data is in sync, I am still seeing a few old domain usernames in people picker in one site collection.  There seems to be no way to get rid of them.

    Thursday, February 23, 2012 7:45 PM
  •  

    In your SharePoint farm have you configured profile import from SSP? Have executed a full profile import?

    If you execute this command today stsadm -o sync -listolddatabases 1  you have the same result?

    If you check the Profile Synchronization timer job (Operations -> Timer Job status) for you web application what is his status and started date?


    MCITP|MCTS SharePoint| SharePoint Performance blog

    • Marked as answer by Lhan HanModerator Monday, February 27, 2012 1:35 AM
    • Unmarked as answer by tyrone888 Tuesday, February 28, 2012 8:39 PM
    Friday, February 24, 2012 8:07 AM
  • 1. Yes, I have configured the profile import from SSP and executed a full profile import.

    2. stsadm -o sync -listolddatabases 1 results in the following message:
    "Shared Service Provider SSP
    No databases match the criteria for this Shared Service Provider"

    3. Profile Synchronization timer job status is "Succeeded 100% 2/28/2012 12:00PM"

    So while my profiles are in sync, people picker still displays cached user accounts from our old domain.  Again, this problem exists on only one site collection.  Other site collections are ok.

    Tuesday, February 28, 2012 8:43 PM
  • Finally!  I found a way to delete these "stubborn" users who do not show up in the User Information List from showing up in People Picker!  I had to do the unthinkable and "touch" the SQL server by running a SELECT query to find their user id.  Then I used that id in SharePoint to view their profile where I could finally delete the account from the site collection.  Not sure why I didn't think of this before but at least it works for me.

    So here are the steps I took:

    1. In SQL: SELECT * FROM [WSS_Content_DatabaseName].[dbo].[UserInfo] WHERE tp_Login='DOMAIN\username'
    2. Take note of the tp_ID
    3. In IE, go to http://<your sharepoint site collection/_layouts/userdisp.aspx?ID=tp_ID, where tp_ID is the number you found from your select statement.
    4. It should take you to the user's profile where you can click on the Delete User from Site Collection button.

    I hope that helps people who find themselves in the same situation as me.


    • Edited by tyrone888 Wednesday, March 14, 2012 8:09 PM
    • Marked as answer by tyrone888 Wednesday, March 14, 2012 8:12 PM
    Wednesday, March 14, 2012 8:08 PM
  • Hi,

    More information on this issue.

    When we delete the SharePoint user; it doesn't delete users deleted in AD from sites.  You can delete them and the users will remain in the UserInfo table of the Content Database, with a tp_Deleted = 1.  They're never completely removed from the Content Database in order to preserve their name for items the user may have created/modified/etc.

    Like Trevor says, content databases will keep this info for auditing reasons, etc.  Users will eventually get housecleaned in profile information (good reference here http://www.harbar.net/archive/2011/02/10/account-deletion-and-sharepoint-2010-user-profile-synchronization.aspx) 

    But you'll need to either manually delete the users in the site collection (deleting the account from the collection will remove it entirely from the collection) or you could iterate through all collections using PowerShell. This reference is for deleting whacks of users, but you can use it as a reference to target an individual with a few tweaks.

     http://blog.isaacblum.com/2011/02/24/remove-delete-users-from-all-sites-and-site-collections-within-a-web-application/


    Monday, December 8, 2014 4:24 AM
  • This fixed the issue we were having! Thanks for the advice 5 years later!
    Friday, March 17, 2017 2:12 PM