Saturday, July 03, 2010

Remove Disabled AD Accounts from MOSS

You would think that whenever an AD account's attributes are changed, the new info will be synchronized with MOSS profiles - but this is not the case. The following walkthrough explains how to remove the AD disabled accounts from MOSS.
The first step is to change the LDAP OOTB search filter.
To get this done:
  1. In Central Administration click on SharedServices1 on the left navigation bar.
  2. Click User Profiles and Properties (under User Profiles and My Sites section).
  3. Click View Import Connections.
  4. Hover over the only connection you have, click the down arrow and then click Edit.
  5. Scroll down to the Search Settings section. There is a box titled User Filter in that section. Paste in the following filter string and OK:
    Instead of:
    (&(objectCategory=person)(objectClass=user))
    Place this string:
    (&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2)))
  6. In your navigation breadcrumbs near the top of the page, click on User Profile and Properties to navigate back there.
  7. Near the bottom, click the bulleted link Start Full Import.
    This process will go through your existing profiles and mark any previous disabled accounts as inactive profiles that will no longer show or be accessible in SharePoint. Disabled accounts not previously imported by MOSS will be ignored and no profile will be created.

    The procedure above was taken from Mark Eichenberger's SharePoint Blog with minor editing:http://sharepoint.microsoft.com/blogs/MarkE/Lists/Posts/Post.aspx?List=fd220abd%2D850c%2D44a4%2D85d8%2D805efe79f85a&ID=10
Next, remove current extra accounts: In Shared Services1 / Profiles and Properties / View User Profiles select the Profiles Missing from Import and delete them.

Import the profiles again
Create index to the related Data Source (usually all items)
And lastly, update the Search Scopes.

You should now have  a clean SharePoint User Profile list synchronized with AD.

1 comment:

  1. I appreciate you for taking the time out of your day to share the great part from your experiences and honestly I got it at the best point. If you have another free time would you please share your thought on our newly added product here http://www.royalgorden.com/. Thank you in advance and have a great time...

    ReplyDelete

Enter your comment here