Deleted users from Active Directory still exist in SharePoint User profiles
Hey, I'm running SharePoint 2007 SP1 and my SharePoint User profiles are configured to import user data from Active Directory. Everything works flawlessly, but I have noticed that users deleted from Active Directory still exist in SharePoint after a full import (their profile is active, they appear in People Picker and in Site collection users, etc.). Since the My Site Cleanup Job timer job should be in charge of deleting inactive user profiles, I made sure it has no problems, yet it still does not delete those profiles. Any advice? Should I upgrade to SP2? Thank you.
March 23rd, 2010 2:44am

Hi, I think it takes SharePoint 3 full imports of the user profiles before the inactive user profiles disappear. If you do not have thousands of users, you can manually force these 3 full imports. Otherwise, you have to wait, depending on how often the full imports are scheduled. Hope this helps. Regards, Djamel Chagour http://spbyexamples.blogspot.com/ http://mosslogviewer.codeplex.com/
March 23rd, 2010 3:40am

Hi Djamel, the users I'm talking about were deleted from Active Directory more than 3 days ago. However, they still exist in People Picker. Mayrun Digmi.
March 23rd, 2010 11:47am

Hi Mayrun, Yes, I understand. The users you deleted from AD certainly still exist in the SharePoint SSP user profiles. That's why I suggested running a full import of user profiles. The first full import (after the users are deleted) will make them inactive. After the 3rd full import they will disappear completely. Maybe I am wrong, but I think that inactive users in the SSP user profiles do not appear in People Picker. To run a full import of user profiles, go to Central Admin > Click your Shared Service Provider under Shared services administration > User profiles and properties, under user profiles and mysite section > Start full import. You must grant yourself the right to manage user profiles: Under user profiles and mysite section, click Personalization services permissions > Select manage user profiles. Hope this helps. Regards, Djamel Chagour http://spbyexamples.blogspot.com/ http://mosslogviewer.codeplex.com/
March 24th, 2010 4:15am

Hi Djamel, I'm sorry I misled you, but I double-checked and the deleted users are indeed completely deleted from the SSP. However, they still exist in the site collection "Users and Groups" and therefore show up when I open People Picker.
March 24th, 2010 12:59pm

Hi, The profile import/sync job within the SSP will only update the profile SSP DB, not the site collection userinfo table. There is a SharePoint timer job that will update the site collection DBs hourly. First I would check to see if the timer job has been updating the content DB in question. Run stsadm -o sync -listolddatabases 0. This will show you the GUID ID of the content database; if any GUIDs are listed, then you have a problem (perhaps because you've moved your DB or previously detached/restored it?). More info can be found here - http://technet.microsoft.com/en-us/library/cc263196.aspx You can repair an existing DB if you have any listed, so don't panic too much! Regards, Aaron
March 24th, 2010 8:18pm

Hi Mayrun, As a workaround I would suggest deleting the users from your site collection Users & Groups, since they exist neither in the AD nor in the SSP profiles. Regards, Djamel Chagour http://spbyexamples.blogspot.com/ http://mosslogviewer.codeplex.com/
March 24th, 2010 11:33pm

What are the consequences of deleting those users? What happens with their uploaded content? Will they regain access to it if they are recreated? Thank you.
March 25th, 2010 6:20pm

If the user is recreated in AD, then it will get a different SID than the previous one, so he will not get the content of the previous user (the SID is the thing which SharePoint is using to recognize the user and associate it with the content a particular user owns). And the content of the deleted user will not be deleted. It will stay, but as the user does not exist, only an admin can do something about it (change, delete). Take care, Mariusz Gorzoch
March 25th, 2010 7:33pm

What if the following scenario occurs: A user named 'John' is created, he uploads some content to the site collection, and a week after he leaves the company. His account is erased from Active Directory, SSP and Site collection's people. After a month he decides to join the company again, and his account is recreated with the same account name. When he accesses SharePoint he has no access to his previous content. Is that correct? Thank you.
March 25th, 2010 11:42pm

Yes, this is correct. Because when John was uploading content, his account domain\john was associated with SID=sid1. When he left the company and his account was deleted and later on created again, then during the creation process AD assigns a new SID, so in that case domain\john was associated with SID=sid2. From the perspective of AD, account domain\john (sid1) and domain\john (sid2) are two different accounts. This is also true for SharePoint, as it is tracking the SID in its userinfo table. Hope that this answers your question. Mariusz Gorzoch
March 26th, 2010 12:56am

I guess using stsadm migrateuser isn't helpful in this case since the account no longer exists. Am I the only one with this problem? What is the best practice for deleting a user? Thank you again.
March 26th, 2010 1:22am

Hello... I also have the same problem, any update on this? How can we delete the user from SharePoint if the user had been deleted from the AD?
April 7th, 2010 4:39pm

Right now it seems there is no official solution for this matter.
April 11th, 2010 11:44am

Hi, Please can you try running - stsadm -o sync -listolddatabases 0. Do you have any listed? Aaron
April 13th, 2010 10:40am

See - http://support.microsoft.com/kb/2022500/en-us Would you have imported the users before a full import had been completed? Aaron
April 13th, 2010 10:47am

I've been using "stsadm -o migrateuser -newlogin domain\username -oldlogin domain\username -ignoresidhistory" in this situation. I usually get an error message, but more often than not it works nevertheless. Have you tried it? // Bob
April 13th, 2010 3:51pm

Yes I do:
Shared Service Provider SharedServices1
ID: f8b64521-273b-4b7f-9544-39559cecf7fb Synchronized: 1/13/2009 1:00:01 PM
ID: d4ddaba6-c14c-4eb7-9139-64f48efb8d10 Synchronized: 4/21/2010 1:00:03 PM
ID: 9d7ebb7a-96f3-4d14-9c2a-6a1302dfe4b8 Synchronized: 2/23/2009 5:00:01 PM
ID: bae3fbd0-3bd6-4341-8653-84fbb0367b72 Synchronized: 4/21/2010 1:00:03 PM
ID: 281a5fdc-3585-4f76-8ca9-952df04fb843 Synchronized: 4/21/2010 1:00:03 PM
ID: c11b3777-19fb-4348-9cb6-e4e3d42b6ff8 Synchronized: 5/8/2009 11:00:00 AM
How can I know what database belongs to each ID number?
April 21st, 2010 1:43pm

The below navigation screen should list ID numbers and Database Names: Central Administration -> Operations -> [Backup and Restore] section - Perform a backup. Thanks & Regards, Kamlesh | Blog | Twitter Posting is provided "AS IS" with no warranties, and confers no rights.
April 21st, 2010 2:24pm

It only does that for the SharePoint_AdminContent database.
April 22nd, 2010 10:19am

Also note people will stay in the user information list if you have them directly assigned to sites or documents. That is the most likely scenario for why those people are not disappearing. For instance, if person X is given read permission on site Y directly, and not via a SharePoint group, they will stay in the user information list. If they are only part of the "readers" or some other SharePoint group, then when they are deleted by the automated jobs, they will be removed from the SharePoint groups they are a part of.

So to stop it from happening in the future you will need to encourage users to not assign permissions directly to sites and docs, and to use SharePoint groups instead. Of course I've never found a way to get them to do that; they use SharePoint groups for a few months but inevitably go back to assigning direct permissions.

There is SQL to pull up users from the user information list who are not in the SSP anymore. I could not find it off the top of my head, but I had to do it once. However, you can probably write code to loop through the User Information List, and for each row compare it to the ProfileManager and see if you can pull the person up using ProfileManager.getUserProfile(strAccountName), and if it's not there you know this person was deleted from the SSP, and you can then delete them from the user information list. If you delete the user, then if they are in the createdby field of any object there might be problems if that is used in a workflow. There used to be a problem with the SPWeb object where you couldn't update the web creator/author, but that was fixed in one of the service packs.
May 27th, 2010 10:32pm
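
Added example, not part of the original thread and not any poster's code: a report-only PowerShell sketch of the comparison described in the post above, listing site collection users that no longer have an SSP profile. It uses UserProfileManager.UserExists from the MOSS 2007 object model rather than a GetUserProfile call; the function name Get-OrphanedSiteUser, the site URL and the CSV path are hypothetical, and PowerShell 2.0 or later on a farm server is assumed.

```powershell
# Added example (not from the thread). Report-only: nothing is deleted.
# Assumptions: PowerShell 2.0+, run on a MOSS 2007 farm server by an account
# that can read the site collection and the SSP user profiles.
param([string]$SiteUrl = "http://sharepoint.example.local")   # placeholder URL

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")

function Get-OrphanedSiteUser {
    param([string]$Url)

    $site = New-Object Microsoft.SharePoint.SPSite($Url)
    try {
        # Resolve the SSP that serves this site collection.
        $context  = [Microsoft.Office.Server.ServerContext]::GetContext($site)
        $profiles = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

        # SiteUsers is the object-model view of the User Information List.
        foreach ($user in $site.RootWeb.SiteUsers) {
            # Skip AD groups, which never have a user profile.
            if ($user.IsDomainGroup) { continue }
            # Skip anything that is not a DOMAIN\name login.
            if ($user.LoginName -notmatch '^[^\\]+\\[^\\]+$') { continue }
            # Skip built-in accounts such as SHAREPOINT\system.
            if ($user.LoginName -like 'SHAREPOINT\*' -or
                $user.LoginName -like 'NT AUTHORITY\*') { continue }

            # No SSP profile for this login: emit it as a cleanup candidate.
            if (-not $profiles.UserExists($user.LoginName)) {
                $user | Select-Object ID, LoginName, Name, Email, IsSiteAdmin
            }
        }
    }
    finally {
        $site.Dispose()
    }
}

# Write the candidates to a CSV for review; the path is a placeholder.
Get-OrphanedSiteUser -Url $SiteUrl |
    Sort-Object LoginName |
    Export-Csv -Path ".\orphaned-site-users.csv" -NoTypeInformation
```

The CSV is a list of candidates to review; removing an entry afterwards would be a separate SiteUsers.Remove(loginName) call on the root web, with the content-ownership consequences discussed earlier in the thread.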

Also, yes, upgrade to SP2; there are some fixes for users. Finally, one question: are you sure they are deleted from AD or merely disabled? If disabled, they will still get pulled into the SSP by default, unless you customize the import string.
May 27th, 2010 10:36pm

A workflow related to DeleteUser should be created, and this workflow should be initiated manually by an authorized group, maybe from the HR department. This way you can do 'n' number of activities related to your site collection when a profile is deleted from AD.
July 7th, 2010 3:55pm

This topic is archived. No further replies will be accepted.
