
User Profile Service Sync Scenarios


Some research into how the User Profile Service application stores and cleans up profiles in the following scenarios:

- What happens when a user is “Disabled”

- What happens when a user is “Moved” into an OU that is NOT flagged for import from AD

- What happens when a user is “Removed” from active directory.

When a user is "Disabled" in AD

  • User profile sync will NOT remove the user from SP user profiles, because this user may still have meta information in site collections.
  • The disabled user will lose the access previously associated with him, but all the items/documents/files he was working with will be kept.



When a user is "Moved" into an OU that is NOT flagged for import from AD or when user is "Removed" from AD


What if I want my user profile service NOT to pick up any disabled account?


To filter/exclude users during imports, do the following:
  • Go to Central Administration and under Application Management, click Manage service applications
  • Click on the link to your User Profile Service Application
  • Under Synchronization, click Configure Synchronization Connections
  • Click on the connection you want to filter and select Edit Connection Filters from the drop down
  • Under Exclusion Filter for Users, select whether the statement should be "AND" or "OR" (if you have multiple filter statements, make sure you pick the right one)
  • Select the Attribute to filter (wait for the page to reload as it's updating the Operator fields)
  • Select the Operator to use (changes based on attribute)
  • Input the filter value into the Filter field
  • Click Add to include the exclusion filter

Examples

Exclude disabled users:

  • Attribute - userAccountControl
  • Operator - Bit on equals
  • Filter - 2
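
Why the filter uses a bit test on 2 rather than an exact value: the following is an added example, not part of the original post, that applies the test to constructed sample accounts. It assumes "Bit on equals" behaves like the LDAP bitwise-AND matching rule; the helper name `Test-BitOnEquals` and the account names are hypothetical.

```powershell
# Added example: preview which accounts an exclusion filter of
# "userAccountControl / Bit on equals / 2" would drop from the import.
# All accounts below are constructed sample data, not real directory entries.

# userAccountControl flag values (documented Active Directory constants)
$ACCOUNTDISABLE       = 0x0002    # the bit that the filter value 2 tests
$NORMAL_ACCOUNT       = 0x0200
$DONT_EXPIRE_PASSWORD = 0x10000

$sampleAccounts = @(
    [pscustomobject]@{ SamAccountName = 'alice';   UserAccountControl = $NORMAL_ACCOUNT }
    [pscustomobject]@{ SamAccountName = 'bob';     UserAccountControl = ($NORMAL_ACCOUNT -bor $ACCOUNTDISABLE) }
    [pscustomobject]@{ SamAccountName = 'svc-app'; UserAccountControl = ($NORMAL_ACCOUNT -bor $DONT_EXPIRE_PASSWORD) }
    [pscustomobject]@{ SamAccountName = 'carol';   UserAccountControl = ($NORMAL_ACCOUNT -bor $DONT_EXPIRE_PASSWORD -bor $ACCOUNTDISABLE) }
)

function Test-BitOnEquals {
    # Hypothetical helper: true when every bit set in $Mask is also set in $Value.
    param([int]$Value, [int]$Mask)
    return (($Value -band $Mask) -eq $Mask)
}

$report = foreach ($account in $sampleAccounts) {
    [pscustomobject]@{
        SamAccountName      = $account.SamAccountName
        UserAccountControl  = $account.UserAccountControl
        # What the bit test on 2 decides for this account.
        ExcludedByBitTest   = Test-BitOnEquals -Value $account.UserAccountControl -Mask $ACCOUNTDISABLE
        # A plain equality test against 514 misses disabled accounts that carry other flags.
        ExcludedByEquals514 = ($account.UserAccountControl -eq 514)
    }
}
$report | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), the same bit test
# written as an LDAP filter lists the accounts the import would skip:
# Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)' |
#     Select-Object SamAccountName, Enabled
```

Comparing the two result columns shows that the bit test catches every disabled account regardless of which other flags are set, which an exact-value comparison does not.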
