Skip to main content

User Profile Service Sync Scenarios


Some research about how the user profile service app, and how it stores and cleans up profiles for the following scenarios:

- What happens when a user is “Disabled”

- What happens when a user is “Moved” into an OU that is NOT flagged for import from AD)

- What happens when a user is “Removed” from active directory.

When a user is "Disabled" in AD

  • User profile sync will NOT remove the user from SP user profiles. Because this user may still have meta information in site collections.
  • This disabled user will loss previous accesses associated with him, but all the files items/documents/files he was working with will be kept.



When a user is "Moved" into an OU that is NOT flagged for import from AD or when user is "Removed" from AD


What if I want my user profile service NOT to pick up any disabled account?


To filter/exclude users during imports, do the following:
  • Go to Central Administration and under Application Management, click Manage service applications
  • Click on the link to your User Profile Service Application
  • Under Synchronization, click Configure Synchronization Connections
  • Click on the connection you want to filter and select Edit Connection Filters from the drop down
  • Under Exclusion Filter for Users, select whether the statement should be "AND" or "OR" (So if you have multiple filter statements, make sure you pick the right one)
  • Select the Attribute to filter (wait for the page to reload as it's updating the Operator fields)
  • Select the Operator to use (changes based on attribute)
  • Input the filter value into the Filter field
  • Click Add to include the exclusion filter

Examples

Exclude disabled users:

  • Attribute - userAccountControl
  • Operator - Bit on equals
  • Filter - 2
Labels:

Comments

Post a Comment

Popular posts from this blog

A Step-by-Step guide to use HttpModule in SharePoint with SPContext

I guess you must be familiar with what is HttpModule and how can we leverage it for our web applications. But if not, better have a good read of this article . SharePoint is built on top of .NET, so it has all the rights to use the beauties of .NET. Here I want to demo a simple case of httpmodule on SharePoint. Say if in a company it has lots of site collections and user 'Picky Docky' has access for all of them, for a reason farm administrator want to block him for one of the specific site without change his SharePoint permissions. Here are the steps to do it:-)   Create a empty SharePoint solution add a class file to it named  CustomSecurityModule.cs , code as below Create a feature and scope to "WebApplication" Create a feature receiver. Code as below When activate the feature it will create a modle in the web.config file for the SharePoint web applicaiton you deployed to as below: Enjoy!
2 comments
Read more

Gist

If you want to embed source code (e.g. C#, HTML..) to your blog post I recommend to use Gist https://github.com/ . Especially if you want to give your readers the opportunity to copy and paste your code.
Post a Comment
Read more

A SharePoint 2013 weather web part

I created a nice SharePoint 2013 weather web part. It has extremely simple code-behind and so easy for you to use or extend.  The core is using Yahoo! Weather Feed Plugin for jQuery Please go to https://weatherwebpartsp2013.codeplex.com/  to grab it. It is free with all the source code. Enjoy!
Post a Comment
Read more