User Profile Sync Issue with AD

Hi,

We are seeing disabled AD users in SharePoint even though we have connection filters.

extensionAttribute3 Does not equal 1

userAccountControl  Bit on equals 2

Once user has been disabled in AD after running user profile sync job it has to be queued for deletion.For some reason this is not happening.I have also tried deleting the user manually from user profile and if I run the profile job user is importing back in to sharepoint even though they are disable in AD.

Due this we are seeing disabled ad users in our ORG Chart.Please help me on this issue.

Thank You


June 22nd, 2015 2:35pm

Did you create the connection filter with an AND or an OR?  The UserAccountControl setting of 2 is correct, but the extensionAttribute3 does not equal 1 I don't recognize.  The default is to use AND so if it was created that way then you are only filtering users where both of those are true and that may miss a lot of disabled users.  Check the following article for a more in depth discussion of the importance of AND vs OR.

http://www.harbar.net/archive/2011/02/22/323.aspx

Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2015 5:50pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics