Question

I'm using a SharePoint 2016 on-premises server. We have two main site collections, and I need to get a list of orphaned users in each site collection.

I've come across this PowerShell script mentioned here, which gives me a list of all users in my site collection; that does not meet my requirement.

I want to get the list of orphaned users (who are not part of Active Directory) from SharePoint 2016 on-prem using PowerShell, in an Excel format or txt format.

Please help me with a PowerShell script.


Solution

I have used the same code; I have commented out the section that removes the users. After testing, you can uncomment that section. At line number 46, specify your OUTPUT FILE NAME, in which you will get all the orphaned users in Excel.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Parameters
$WebAppURL = "YOUR WEB APPLICATION URL"
$ReportFile = "D:\OrphanedUsersRpt.txt"   #Your OUTPUT FILE NAME (semicolon-separated, opens in Excel)

#Function to check if a user exists in AD (searched by sAMAccountName in every domain of the forest)
Function Check-UserExistsInAD()
{
    Param( [Parameter(Mandatory=$true)] [string]$UserLoginID)
    Write-Host $UserLoginID
    #Search the user in AD
    $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($Domain in $Forest.Domains)
    {
        $context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $Domain.Name)
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
        $root = $domain.GetDirectoryEntry()
        $search = [System.DirectoryServices.DirectorySearcher]$root
        $search.Filter = "(&(objectCategory=User)(samAccountName=$UserLoginID))"
        $result = $search.FindOne()
        if ($result -ne $null)
        {
            return $true
        }
    }
    return $false
}

#Start a fresh report file; each orphaned user is appended as Name;LoginName;WebURL
"Name;LoginName;WebURL" | Out-File $ReportFile

#Get all site collections of the web application
$WebApp = Get-SPWebApplication $WebAppURL
#Iterate through all site collections
Foreach($site in $WebApp.Sites)
{
    #Get all webs with unique permissions - which includes root webs
    $site.AllWebs | Where {$_.HasUniqueRoleAssignments -eq $True} | ForEach-Object {
        $OrphanedUsers = @()
        #Iterate through the users collection
        ForEach($User in $_.SiteUsers)
        {
            #Exclude built-in user accounts, security groups
            if(($User.LoginName.ToLower() -ne "nt authority\authenticated users") -and ($User.LoginName.ToLower() -ne "sharepoint\system") -and ($User.LoginName.ToLower() -ne "nt authority\local service") -and ($User.IsDomainGroup -eq $false))
            {
                #Domain\UserName (for claims logins such as i:0#.w|domain\user the part after the backslash is still the user name)
                $UserName = $User.LoginName.Split("\")
                $AccountName = $UserName[1] #UserName
                if ((Check-UserExistsInAD $AccountName) -eq $false)
                {
                    Write-Host "$($User.Name)($($User.LoginName)) from $($_.URL) doesn't exist in AD!"
                    #Append one line per orphaned user (quoted string, -Append so earlier lines are kept)
                    "$($User.Name);$($User.LoginName);$($_.URL)" | Out-File $ReportFile -Append
                    #Make a note of the orphaned user
                    $OrphanedUsers += $User.LoginName
                }
            }
        }
        # **** Remove Users ****#
        # Remove the orphaned users from the web (kept inside the ForEach-Object block so $_ and $OrphanedUsers are still in scope)
        # foreach($OrpUser in $OrphanedUsers)
        # {
        #     $_.SiteUsers.Remove($OrpUser)
        #     Write-Host "Removed the orphaned user $($OrpUser) from $($_.URL)"
        # }
    }
    $site.Dispose()
}

For more information, kindly check the links below:

  1. https://www.sharepointdiary.com/2013/07/find-and-delete-orphaned-users-in-sharepoint-using-powershell.html

  2. https://www.sharepointdiary.com/2012/09/find-and-delete-orphaned-users-in-sharepoint.html
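The script above takes whatever follows the backslash in the login name and places it in the LDAP filter verbatim, and it writes the report one line at a time with Out-File. The following is an added example, not part of the original answer or of the sharepointdiary scripts, showing how to parse both classic (DOMAIN\user) and Windows-claims (i:0#.w|domain\user) login names, skip security-group and non-Windows claims as well as the built-in accounts, escape the account name before it goes into the (sAMAccountName=...) filter, and write the result with Export-Csv so Excel opens it directly. The function names ConvertTo-AccountName, ConvertTo-LdapFilterValue, Test-AccountInAD and Export-OrphanReport and the sample login names are my own assumptions; only Test-AccountInAD needs a domain-joined machine, and the demonstration at the bottom runs offline.

```powershell
# Added example: helpers for an orphaned-user report (hypothetical function names, not SharePoint cmdlets).
# Constructed sample data is used at the bottom so parsing and escaping can be checked without SharePoint or AD.

# Built-in principals that never live in AD and should be skipped (same list as the answer's script).
$BuiltInLogins = 'nt authority\authenticated users', 'sharepoint\system', 'nt authority\local service'

# Turn a SharePoint login name into Domain + sAMAccountName.
# Classic "CONTOSO\jdoe" and Windows claims "i:0#.w|contoso\jdoe" are supported; forms/SAML claims
# (i:0#.f|..., i:05.t|...) and security-group claims (c:0+.w|S-1-5-...) return $null and are skipped.
function ConvertTo-AccountName {
    param([Parameter(Mandatory = $true)][string]$LoginName)
    if ($BuiltInLogins -contains $LoginName.ToLower()) { return $null }
    $raw = $LoginName
    if ($raw -like '*|*') {
        $prefix, $raw = $raw -split '\|', 2
        if ($prefix -ne 'i:0#.w') { return $null }   # only Windows identity claims map to an AD user
    }
    if ($raw -notlike '*\*') { return $null }
    $domain, $sam = $raw -split '\\', 2
    if ([string]::IsNullOrWhiteSpace($sam)) { return $null }
    [pscustomobject]@{ Domain = $domain; SamAccountName = $sam }
}

# Escape a value for use inside an LDAP filter (RFC 4515), so a login name containing
# "*", "(", ")" or "\" cannot widen or break the sAMAccountName search.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    $map = @{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        $s = [string]$ch
        if ($map.ContainsKey($s)) { [void]$sb.Append($map[$s]) } else { [void]$sb.Append($s) }
    }
    $sb.ToString()
}

# Look the account up by sAMAccountName in every domain of the current forest.
# This is the only part that needs a domain-joined machine.
function Test-AccountInAD {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName)))"
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($domain in $forest.Domains) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain.GetDirectoryEntry())
        $searcher.Filter = $filter
        [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
        if ($searcher.FindOne()) { return $true }
    }
    return $false
}

# Write the rows as a real CSV (semicolon-delimited so Excel opens it directly).
function Export-OrphanReport {
    param([Parameter(Mandatory = $true)][object[]]$Rows, [Parameter(Mandatory = $true)][string]$Path)
    $Rows | Export-Csv -Path $Path -NoTypeInformation -Delimiter ';' -Encoding UTF8
}

# Offline demonstration on constructed login names (the last one is deliberately odd to show the escaping).
$sampleLogins = 'CONTOSO\jdoe', 'i:0#.w|contoso\asmith', 'i:0#.f|membership|bob@contoso.com',
                'c:0+.w|S-1-5-21-1-2-3-513', 'SHAREPOINT\system', 'CONTOSO\j(doe)*'
foreach ($login in $sampleLogins) {
    $acct = ConvertTo-AccountName $login
    if ($null -eq $acct) { "{0,-36} skipped (group, non-Windows claim or built-in)" -f $login; continue }
    "{0,-36} sAMAccountName={1}  filter value={2}" -f $login, $acct.SamAccountName, (ConvertTo-LdapFilterValue $acct.SamAccountName)
}

# In the answer's user loop the check becomes:
#   $acct = ConvertTo-AccountName $User.LoginName
#   if ($acct -and -not (Test-AccountInAD $acct.SamAccountName)) {
#       $rows += [pscustomobject]@{ Name = $User.Name; LoginName = $User.LoginName; WebUrl = $_.Url }
#   }
# and after the loops: Export-OrphanReport -Rows $rows -Path 'D:\OrphanedUsersRpt.csv'
```

Running the demonstration on a workstation prints one line per sample login: the two Windows accounts resolve to jdoe and asmith, the forms claim, the group claim and SHAREPOINT\system are skipped, and the contrived CONTOSO\j(doe)* yields the filter value j\28doe\29\2a rather than a wildcard match. A report built this way has a header row and proper quoting, so names containing semicolons do not shift columns when opened in Excel.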

Licensed under: CC-BY-SA with attribution