Question

I have a service account that is in our SharePoint and needs to be removed. The account still needs to exist in AD, just not in SharePoint. This account is from an OU that is not selected in the "Edit synchronization connection" settings on the UPSA.

I have tried setting the UPSA to -PurgeNonImportedObject $true in PowerShell and running the profile sync again, but this did not resolve my issue.

Is there a way to sync SharePoint with AD and remove any user that is not set to be imported?

Solution

Even if the OU is not on the import list, if a user browses the site then SharePoint will create a profile for it.

If you don't want the user's My Site, then delete it and delete the profile from the UPA. It will not delete the ID from AD.

Now, if someone logs in again with that service account, SharePoint will create the profile again.

Other suggestions

You can schedule PowerShell to remove a specific account, or adapt this to remove more than one account, or an account based on any property available with the UPSA.

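# Get a service context for the UPSA through the Central Administration web application
$wa = Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.DisplayName -match "Central" }
$site = $wa.Sites[0]
$ctx = Get-SPServiceContext -Site $site
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ctx)
$profiles = $upm.GetEnumerator()

# Walk every profile and remove the one belonging to the service account
foreach($up in $profiles)
{
    # "ServiceAccountName" is a placeholder. -contains is an exact match, so use
    # the account name exactly as it is stored in the profile's AccountName property.
    if ($up["AccountName"] -contains "ServiceAccountName")
    {
        Write-Host -ForegroundColor Yellow "Removing profile for $($up['AccountName'])..."
        $upm.RemoveProfile($up)
    }
}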

Removing profiles after the profile-import process would probably work, but another nice solution is to "filter" your service accounts before profile sync.

Try to:

1 - Central Administration

2 - Manage Service Applications

3 - User profile Service Application

4 - Configure Synchronization Connections

5 - Select your sync connection and try to "Edit Connection Filters".

We have managed to filter our service accounts using these filters... With this technique we avoided the use of PS scripts and other custom solutions.

PS: If you choose to go with the PS script approach, please consider that any user profile sync would probably recreate the profiles removed by the script.
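As an added example (not part of the original answers), here is the script approach extended to several accounts, with a `-WhatIf` dry run and one result object per account so a scheduled run leaves an audit trail. The function name, the site URL and the `CONTOSO\...` account names are assumptions made up for illustration.

```powershell
# Added example. Run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Remove-ServiceAccountProfile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Exact account names as stored in the profile's AccountName property
        [Parameter(Mandatory = $true)]
        [string[]]$AccountName,
        # Any site in a web application associated with the UPSA
        [Parameter(Mandatory = $true)]
        [string]$SiteUrl
    )

    $ctx = Get-SPServiceContext -Site $SiteUrl
    $upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ctx)

    foreach ($name in $AccountName) {
        $found   = $upm.UserExists($name)   # direct lookup, no full enumeration
        $removed = $false

        # -WhatIf makes ShouldProcess return $false, so nothing is deleted
        if ($found -and $PSCmdlet.ShouldProcess($name, 'Remove user profile')) {
            try {
                $upm.RemoveUserProfile($name)
                $removed = $true
            }
            catch {
                Write-Warning "Could not remove profile for ${name}: $($_.Exception.Message)"
            }
        }

        # One record per requested account, suitable for Export-Csv or a log
        New-Object PSObject -Property @{
            Account      = $name
            ProfileFound = $found
            Removed      = $removed
            CheckedAt    = (Get-Date)
        }
    }
}

# Constructed sample values: preview first, then rerun with -Confirm:$false to delete
Remove-ServiceAccountProfile -SiteUrl 'http://sharepoint.example.local' `
    -AccountName 'CONTOSO\svc-sql', 'CONTOSO\svc-search' -WhatIf
```

As the answers above point out, a removed profile can come back when the account browses a site again or is picked up by a later sync, so a recurring `ProfileFound = True` for the same account is a sign that the connection filter is the better fix.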

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange