PeoplePicker can't find disabled AD Users (514)

Dear SharePoint Community

We have SharePoint 2013 SP1 and CU Sept. 2014.

Problem:

Since last year we have been filtering disabled users out in "AD Import". We didn't need them in our Intranet environment. But now we are building a collaboration platform. And some people need to authorise disabled users for their workspaces. (Site Collection)

The idea was to use the people picker to find all (enabled and disabled) users, and that's it. But I can't find any disabled users with people picker.

The question is:

Why does it not work? (It should, because many SharePoint Administrators claim to see the disabled users over people picker)

I tried to enforce the people picker to find explicit users with (userAccountControl:1.2.840.113556.1.4.803:=2). (I set just the filter, not the query)

$wa.PeoplePickerSettings.ActiveDirectoryCustomFilter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

Still doesn't find any disabled users. Even with $null value as you can see below:

--------------------------------------------------------------------

PS C:\Windows\system32> $wa.PeoplePickerSettings

SearchActiveDirectoryDomains                     : {}
ActiveDirectoryCustomQuery                       :
ActiveDirectoryCustomFilter                      :
OnlySearchWithinSiteCollection                   : False
PeopleEditorOnlyResolveWithinSiteCollection      : False
DistributionListSearchDomains                    : {}
ActiveDirectorySearchTimeout                     : 00:00:30
NoWindowsAccountsForNonWindowsAuthenticationMode : True
ServiceAccountDirectoryPaths                     : {}
ReferralChasingOption                            : None
ActiveDirectoryRestrictIsolatedNameLevel         : False
AllowLocalAccount                                : True
ShowUserInfoListSuggestionsInClaimsMode          : True
UpgradedPersistedProperties                      : {}

PS C:\Windows\system32>

----------------------------------------------------------------------------

Observation:

It seems like it can find Users who were in the "User List" on the Site Collection (but only over email address). Users who perhaps were logged in once on the WebApplication and now are disabled. In my understanding, the people picker does:

  1. Check the UserList on the site collection
  2. Check directly in the AD (or Global Catalog)

We still have a 2007 environment which has no problem with people picker to find any disabled users. Why does SP2013 make so much trouble?

I even tried to import every user (enabled and disabled) in our test lab to find out if it has something to do with the LDAP filtering in the AD Import. But it wasn't much help for this situation. The disabled users are now imported, but people picker still doesn't find any disabled users.

I tried to find someone with the same problem --> http://sharepoint.stackexchange.com/questions/80032/unable-to-get-disabled-ad-accounts-in-people-picker (no solution here...)

Thanks for any response! Any help appreciated!

Regards

  • Edited by SharePoint_Dude Friday, June 26, 2015 7:01 AM clarify some sentence
June 26th, 2015 6:42am
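
An added example, not part of the original post and not SharePoint's own code: it shows how the bitwise-AND matching rule in the userAccountControl clause quoted above evaluates against account flags, and checks a filter string for balanced parentheses before it is assigned to ActiveDirectoryCustomFilter. The function names, account names and sample values are constructed for illustration.

```powershell
# Added example: runs offline, no AD or SharePoint required.
$ACCOUNTDISABLE = 0x2   # userAccountControl bit set on a disabled account

# 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND: the clause is true
# when every bit of the filter value is also set in the attribute value.
function Test-UacBitAnd {
    param([int]$UserAccountControl, [int]$Mask)
    return (($UserAccountControl -band $Mask) -eq $Mask)
}

# Hypothetical helper: literal parentheses in LDAP values are escaped as
# \28 and \29, so every "(" or ")" in a filter string is structural.
function Test-LdapFilterBalanced {
    param([string]$Filter)
    $depth = 0
    foreach ($ch in $Filter.ToCharArray()) {
        if ($ch -eq '(') { $depth++ }
        elseif ($ch -eq ')') {
            $depth--
            if ($depth -lt 0) { return $false }
        }
    }
    return ($depth -eq 0)
}

# Constructed sample accounts (hypothetical names).
$accounts = @(
    [pscustomobject]@{ Name = 'alice'; UserAccountControl = 512 }    # enabled
    [pscustomobject]@{ Name = 'bob';   UserAccountControl = 514 }    # disabled
    [pscustomobject]@{ Name = 'carol'; UserAccountControl = 66048 }  # enabled, password never expires
    [pscustomobject]@{ Name = 'dave';  UserAccountControl = 66050 }  # disabled, password never expires
)

$clause = '(userAccountControl:1.2.840.113556.1.4.803:=2)'
$accounts | ForEach-Object {
    $isDisabled = Test-UacBitAnd $_.UserAccountControl $ACCOUNTDISABLE
    [pscustomobject]@{
        Name          = $_.Name
        Clause        = $isDisabled        # $clause matches disabled accounts
        NegatedClause = -not $isDisabled   # (!$clause) matches enabled accounts
    }
} | Format-Table -AutoSize

# Constructed filter strings: the first lacks the final ")" that closes "(&".
$filters = @(
    "(&(objectCategory=person)(objectClass=user)(!$clause)"
    "(&(objectCategory=person)(objectClass=user)(!$clause))"
)
$filters | ForEach-Object { '{0}  balanced={1}' -f $_, (Test-LdapFilterBalanced $_) }
```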

Hello

I don't want to remove the disabled AD users from SharePoint. This link you gave me is for SharePoint Profile Synchronisation Service and not for direct AD import.

I just want to know how I can find disabled users in people picker. This should be the normal case. As long as you don't set custom filters to it, people picker should find every user account in the specific domain. But in my case it doesn't.

We just have one domain and not a multidomain environment.

Thanks for any further help!


June 26th, 2015 7:49am

Problem still exists. Anyone with same problem out there?

Please! I really need help with this one!

Thanks!

July 6th, 2015 3:05am

This topic is archived. No further replies will be accepted.
