delete users in AD - what happens in SP?

Question

Monday, February 18, 2013 4:43 PM

hi

we have a sp2010 installation with tons of documents..

When we delete a user from AD... the person left the company etc...

What happens to that person's documents? We've never dared delete users.. we only disable them in AD.. but it creates a lot of confusion since these users still pop up in searches etc etc..

So what will happen in SP when I delete a user in AD?

Kindest regards, Martin

All replies (10)

Monday, February 18, 2013 5:54 PM ✅Answered | 1 vote

Whatever happens to a user when you delete them from AD, or delete their profile, their username will always appear attached to documents written by them or against comments they've added within your team sites and other intranet sites. This is because of the way that SharePoint takes a local copy of the user information into each site collection when that user interacts with the site. This entry is placed in the root of the Site Collection, in a hidden list called the User Information List. Any documents or list items in that site collection that refer to this user will still refer to them by name.

If you delete their profile or cause their profile to be deleted by the import (I think this happens when the AD full import doesn't find that person 3 times), then any alerts and other personal links they had stored will be removed and I believe the contents of their mysite will be removed (Not 100% certain on that though).

Paul.

Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.


Tuesday, February 19, 2013 4:15 PM ✅Answered

They won't change, however your site collection administrators should be able to override security on any file if the departing user gave only his account access.

Paul.



Tuesday, February 19, 2013 4:59 PM ✅Answered | 1 vote

All users are left in the User Information List of the SharePoint Content Database.  They're marked as tp_Deleted = 1 in order to maintain referential integrity to documents, workflows, list items, and so forth.

SharePoint - Nauplius Applications
Microsoft SharePoint Server MVP
MCITP: SharePoint Administrator 2010

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


Tuesday, February 19, 2013 5:27 PM ✅Answered

SharePoint holds the SID.  If you delete an Active Directory account, you can create a new account (even with a different username), and simply run:

$user = Get-SPUser -Identity "DOM\OldUser" -Web http://sitecollUrl

Move-SPUser -Identity $user -NewAlias "DOM\NewUser" -IgnoreSID

Or:

stsadm -o migrateuser -oldlogin "dom\olduser" -newlogin "dom\newuser" -ignoresidhistory

For user accounts you want to change the login name, just drop the ignoresid parameter.

SharePoint - Nauplius Applications
Microsoft SharePoint Server MVP
MCITP: SharePoint Administrator 2010



Tuesday, February 19, 2013 5:46 PM ✅Answered

IgnoreSID is basically when the old and new SID do not match (for example, deleted the old account and created a new one, or did a domain migration without enabling SID History, or just changing one user account to another).

SharePoint - Nauplius Applications
Microsoft SharePoint Server MVP
MCITP: SharePoint Administrator 2010

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
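
A read-only check for the deleted-and-recreated account case discussed above, added here as an example and not code from any poster in the thread: it compares the SID SharePoint stored for each user with the SID Active Directory currently maps to the same login. The function names, the state labels and the classic-authentication login format (DOMAIN\user) are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only: it reports and changes nothing.
# Assumptions: classic Windows authentication (LoginName is DOMAIN\user);
# the default -SiteUrl is the thread's placeholder URL.
param([string]$SiteUrl = "http://sitecollUrl")

function Resolve-AdSid([string]$Login) {
    # SID the directory maps this login to right now, or $null if no such account.
    try {
        $account = New-Object System.Security.Principal.NTAccount($Login)
        return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $notMapped = [System.Security.Principal.IdentityNotMappedException]
        if ($_.Exception.GetBaseException() -is $notMapped) { return $null }
        throw  # e.g. domain unreachable: fail rather than report "deleted"
    }
}

function Get-SidState([string]$StoredSid, [string]$CurrentSid) {
    # NotInAD:     account deleted in AD, entry still held by SharePoint
    # SidMismatch: login was recreated; SharePoint still holds the old SID,
    #              which is the case the thread gives for -IgnoreSID
    # Match:       same account as before
    if (-not $CurrentSid) { return "NotInAD" }
    if ($StoredSid -ne $CurrentSid) { return "SidMismatch" }
    return "Match"
}

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Get-SPUser -Web $SiteUrl -Limit All |
    Where-Object { -not $_.IsDomainGroup -and $_.LoginName -like "*\*" } |
    Where-Object { $_.LoginName -notlike "SHAREPOINT\*" } |
    Where-Object { $_.LoginName -notlike "NT AUTHORITY\*" } |
    ForEach-Object {
        $current = Resolve-AdSid $_.LoginName
        New-Object PSObject -Property @{
            LoginName  = $_.LoginName
            State      = Get-SidState $_.Sid $current
            StoredSid  = $_.Sid
            CurrentSid = $current
        }
    } |
    Sort-Object State, LoginName |
    Format-Table LoginName, State, StoredSid, CurrentSid -AutoSize
```

A SidMismatch row means a reused username does not inherit the old entry's permissions on its own; whether to run the migration for that login is then an explicit decision.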


Monday, February 18, 2013 5:22 PM

Hi,

 As per my understanding, nothing will happen to those documents. You can get those documents, whatever that particular user created.

 If you need more information please let us know

Sekar - Our life is short, so help others to grow

Whenever you see a reply and if you think it is helpful, click "Vote As Helpful"! And whenever you see a reply being an answer to the question of the thread, click "Mark As Answer"


Monday, February 18, 2013 5:50 PM

1) There will be no effect on SharePoint if you delete the AD user profile of anyone who has already left the organization.

2) If you have incremental sync and you delete an active user in AD, then that user might have issues.

Santosh sethi


Monday, February 18, 2013 6:25 PM

thanks..

what about security rights?

If a user sets certain security rights on a document...

then he leaves..

I delete the AD user account

SP does its crawl and removes info on the user... (3 time crawl)

What happens to the document rights?

Kindest regards, Martin


Tuesday, February 19, 2013 5:25 PM

hi all

thanks a lot for all your answers...

Someone asked me... But what if a user leaves the Company.... then 1 year later... we rehire him...

I would've deleted that account when he left....

but say he returns... resumes in the position he had the first time...

Does SP look at the SID of that user... or the AD account name?

We had a girl who stopped .. then about a year later she returned.. she got the same username etc. but of course it was a new account... we didn't have SharePoint at that time, so no problems there.. but what if it happens again?

Oh.. all these questions.. I also have some users who have OLD OLD account names from before the Company had any structure... we really want to change their login from the old antiquated logins to our newer and more IT-savvy way of naming accounts...

But I suppose the above question would be answered if SP looks at SIDs ...

Kindest regards, Martin


Tuesday, February 19, 2013 5:44 PM

SharePoint holds the SID.  If you delete an Active Directory account, you can create a new account (even with a different username), and simply run:

$user = Get-SPUser -Identity "DOM\OldUser" -Web http://sitecollUrl

Move-SPUser -Identity $user -NewAlias "DOM\NewUser" -IgnoreSID

Or:

stsadm -o migrateuser -oldlogin "dom\olduser" -newlogin "dom\newuser" -ignoresidhistory

For user accounts you want to change the login name, just drop the ignoresid parameter.

SharePoint - Nauplius Applications
Microsoft SharePoint Server MVP
MCITP: SharePoint Administrator 2010

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Hi Trevor.. THANKS..!

Can you explain what you mean by that last part.. "For user accounts you want to change the login name, just drop the ignoresid parameter." ?

 

Kindest regards, Martin