Find and Delete Orphaned Users in SharePoint
Orphaned User? Who are they?
Orphaned users are those who have been disabled/removed from Active Directory, but still have permissions to sites, lists and items. Internally, SharePoint keeps them in the "UserInfo" table of the content database for metadata such as the created by/modified by fields.
It's unavoidable in any organization where employees are constantly on-boarding and off-boarding. It's really difficult to manage when it comes to thousands of sub-sites, sites, libraries and lists, each with their own sets of permissions.
SharePoint doesn't automatically remove users when they are deleted or disabled in Active Directory!
Why we care about Orphaned users?
It is a best practice to delete orphaned users to keep the farm clean and organized. This will also solve the problem of deleted Active Directory users still appearing in the people picker, which was discussed in: People Picker not showing users from Active Directory? If you know the user base or criteria, then you can use: Clean-up User Information List
Found only a few users and want to delete them?
Go to: http://YOUR-SHAREPOINT-SITE-URL/_layouts/people.aspx?MembershipGroupId=0
This will give the master list of users in the site collection. From here you can remove users who are no longer needed by clicking "Remove Users from Site Collection".
If you know the orphaned user name (e.g. an employee who left the company), you can go to the above URL, filter, and delete the particular user. Alternatively, you can query the SQL Server table to find the orphaned users. Here is how:
Step 1. Open SQL Server Management Studio from SharePoint's SQL box, and run this query against the relevant content database.
SELECT * FROM [MOSS_Content_DatabaseName].[dbo].[UserInfo] WHERE tp_Login='DOMAIN\UserID'
Step 2. Take note of the tp_ID column value
Step 3. Go to http://<your-sharepoint-site-collection>/_layouts/userdisp.aspx?ID=tp_ID, where tp_ID is the number you found from the above select statement.
Step 4. This will take you to the user's profile where you can click on the Delete User from Site Collection button.
However, it is not feasible to manually check for SharePoint 2010 orphaned users and clean them up, as it would take a lot of time. Things become easier with PowerShell. Let's use it here to find and delete orphaned users in SharePoint.
How to Find and Delete Orphaned Users in SharePoint using PowerShell
Here is my script to Find and Delete Orphaned SharePoint Domain Users: Find and Delete Orphaned Users in SharePoint with PowerShell
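As an added example (not the author's linked script), the same find-then-delete procedure can be run for a whole site collection by checking every entry against Active Directory. It assumes the SharePoint Management Shell on a farm server and accounts in the current AD domain; `$SiteUrl` and `$ReportPath` are names chosen for this example, and limiting removal to accounts missing from AD is this example's choice.

```powershell
# Added example: report orphaned users; -Remove deletes only accounts missing from AD.
param(
    [Parameter(Mandatory = $true)][string]$SiteUrl,   # site collection URL (placeholder)
    [string]$ReportPath = '.\orphaned-users.csv',     # hypothetical output file
    [switch]$Remove
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-AdAccountState([string]$SamAccountName) {
    # Escape LDAP filter metacharacters before building the filter
    $esc = [regex]::Replace($SamAccountName, '[\\*()]', { '\{0:x2}' -f [int][char]$args[0].Value })
    $hit = ([adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$esc))").FindOne()
    if (-not $hit) { return 'Missing' }
    # userAccountControl bit 0x2 is ACCOUNTDISABLE
    if ([int]$hit.Properties['useraccountcontrol'][0] -band 2) { return 'Disabled' }
    return 'Active'
}

$builtin = 'SHAREPOINT', 'NT AUTHORITY'
$report = @(foreach ($user in Get-SPUser -Web $SiteUrl -Limit All) {
    if ($user.IsDomainGroup) { continue }
    # Claims-mode logins look like "i:0#.w|DOMAIN\user"; keep the part after the last "|"
    $login = ($user.LoginName -split '\|')[-1]
    if ($login -notmatch '^(?<domain>[^\\]+)\\(?<sam>[^\\]+)$') { continue }  # not a Windows account
    if ($builtin -contains $Matches['domain']) { continue }
    $state = Get-AdAccountState $Matches['sam']
    if ($state -ne 'Active') {
        New-Object PSObject -Property @{
            Login = $user.LoginName; Name = $user.Name; State = $state; SiteAdmin = $user.IsSiteAdmin
        }
    }
})

if ($report.Count -eq 0) { Write-Output 'No orphaned users found.'; return }
$report | Select-Object Login, Name, State, SiteAdmin | Export-Csv $ReportPath -NoTypeInformation
$report | Format-Table Login, Name, State, SiteAdmin -AutoSize

if ($Remove) {
    # Disabled accounts and site collection admins are left for manual review
    $targets = $report | Where-Object { $_.State -eq 'Missing' -and -not $_.SiteAdmin }
    foreach ($row in $targets) {
        Remove-SPUser -Identity $row.Login -Web $SiteUrl   # prompts per user; add -WhatIf to preview
    }
}
```

Run it without `-Remove` first and review the CSV before deleting anything.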
Related Post: Remove all alerts assigned to Orphaned users: Find and Delete Orphaned Alerts in SharePoint
Saludeen-
This is a great script. I hope you don't mind, but I used it as the basis for a similar script that I had a need for, then added some "improvements". Let me know if you're interested in seeing them. Maybe we can collaborate on making this a great PowerShell tool.
-Larry
larry DOT wapnitsky AT tmnas DOT com
Sure, I'm open Larry!
Hi Larry
May I take a look at your scripts?
Thanks a lot!
If a user is deleted from the user list, what happens to any content associated with that user - is it gone or still around?
If still around, who is listed as the owner?
Thanks
Content stays intact. Owner Information replaced with "System Account"
I have removed a few users in the manual way, but keep seeing the names in the people picker when adding new users to a group. How can I prevent this behaviour?
Archie, that is because People Picker gets entries from both AD and the "User Information List". Here is how you can clean up your UIL: How to Cleanup SharePoint User Information List
Salaudeen Rajack, in my humble opinion this is exactly what is mentioned above at: 'Found only few users and want to delete them?'. That shows how to remove users from Group=0.
My problem is: Users are listed in the People Picker even after removing them from Group=0
Are they Removed from AD as well?
Dear Saladeen,
I am using SharePoint 2013 Foundation, and when I delete an item from a custom list I look in the database and see the item is still there, even when I delete it from the recycle bin. Please, I need the column that shows that the item is deleted, knowing that the tp_deletedtransactionid in the allusersdata data is not set to a value after deletion. Please inbox me at my email [email protected]
Thanks in advance.