
User Profile Service Sync Scenarios


Some research into how the User Profile Service application stores and cleans up profiles in the following scenarios:

- What happens when a user is “Disabled”

- What happens when a user is “Moved” into an OU that is NOT flagged for import from AD

- What happens when a user is “Removed” from active directory.

When a user is "Disabled" in AD

  • User profile sync will NOT remove the user from SP user profiles, because this user may still have meta information in site collections.
  • The disabled user will lose the access previously associated with the account, but all the items/documents/files he was working with will be kept.



When a user is "Moved" into an OU that is NOT flagged for import from AD or when user is "Removed" from AD


What if I want my user profile service NOT to pick up any disabled account?


To filter/exclude users during imports, do the following:
  • Go to Central Administration and under Application Management, click Manage service applications
  • Click on the link to your User Profile Service Application
  • Under Synchronization, click Configure Synchronization Connections
  • Click on the connection you want to filter and select Edit Connection Filters from the drop-down menu
  • Under Exclusion Filter for Users, select whether the statement should be "AND" or "OR" (So if you have multiple filter statements, make sure you pick the right one)
  • Select the Attribute to filter (wait for the page to reload as it's updating the Operator fields)
  • Select the Operator to use (changes based on attribute)
  • Input the filter value into the Filter field
  • Click Add to include the exclusion filter

Examples

Exclude disabled users:

  • Attribute - userAccountControl
  • Operator - Bit on equals
  • Filter - 2
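
To preview what this filter would exclude before saving it, the following added example (not part of the original post) models "Bit on equals" and the AND/OR choice over constructed sample accounts. The account names, the function names and the modeled filter semantics are assumptions; the userAccountControl values use the standard AD flags 512 (NORMAL_ACCOUNT), 2 (ACCOUNTDISABLE) and 65536 (DONT_EXPIRE_PASSWORD).

```powershell
# Constructed sample accounts (not real data).
# userAccountControl = sum of AD flags: 512 NORMAL_ACCOUNT, 2 ACCOUNTDISABLE,
# 65536 DONT_EXPIRE_PASSWORD.
$accounts = @(
    [pscustomobject]@{ Name = 'alice';      userAccountControl = 512   }  # enabled
    [pscustomobject]@{ Name = 'bob';        userAccountControl = 514   }  # disabled
    [pscustomobject]@{ Name = 'svc-backup'; userAccountControl = 66048 }  # enabled, password never expires
    [pscustomobject]@{ Name = 'svc-old';    userAccountControl = 66050 }  # disabled, password never expires
)

function Test-BitOnEquals {
    param([int]$AttributeValue, [int]$FilterValue)
    # Assumed meaning of "Bit on equals": every bit of the filter value is set
    # in the attribute, whatever other flags the account carries.
    return (($AttributeValue -band $FilterValue) -eq $FilterValue)
}

function Get-ExcludedAccount {
    param(
        [object[]]$Accounts,
        [int[]]$BitFilters,                                   # one entry per filter statement
        [ValidateSet('AND', 'OR')][string]$Combine = 'AND'    # the AND/OR choice on the filter page
    )
    foreach ($a in $Accounts) {
        $hits = @($BitFilters | Where-Object { Test-BitOnEquals $a.userAccountControl $_ })
        $excluded = if ($Combine -eq 'AND') { $hits.Count -eq $BitFilters.Count }
                    else                    { $hits.Count -gt 0 }
        if ($excluded) { $a }
    }
}

# The filter from the post: exclude every account with the disabled bit set.
Get-ExcludedAccount -Accounts $accounts -BitFilters 2 | Format-Table

# Two statements (disabled bit, password-never-expires bit) under AND and under OR.
# OR also excludes enabled accounts that only match the second statement.
Get-ExcludedAccount -Accounts $accounts -BitFilters 2, 65536 -Combine AND | Format-Table
Get-ExcludedAccount -Accounts $accounts -BitFilters 2, 65536 -Combine OR  | Format-Table

# For contrast: plain equality with 514 matches only accounts whose value is
# exactly NORMAL_ACCOUNT + ACCOUNTDISABLE and misses disabled accounts with extra flags.
$accounts | Where-Object { $_.userAccountControl -eq 514 } | Format-Table
```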
