Orphan User Account

Diana Weaver 120 Reputation points
2024-08-06T16:20:07.98+00:00

We are having issues with a user account where there is an orphan account record that is causing an issue. How do I see where the orphan record is located?

The user had a different account years ago, and when he returned we created a new user account. The usernames are different. When I search for the user, it provides me with his old name. Our AD group is correct.

We are using SharePoint Server 2010.


1 answer

  1. RaytheonXie_MSFT 34,741 Reputation points Microsoft Vendor
    2024-08-07T02:44:24.8333333+00:00

    Hi @Diana Weaver,

    It is not possible to manually check for SharePoint 2010 orphaned users and clean them up, as it would take a lot of time. I would recommend that you find and delete orphaned users in SharePoint with the following script.

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    #Parameter
    $WebAppURL="https://intranet.crescent.com"

    #Function to Check if a User exists in AD
    Function Check-UserExistsInAD()
    {
        Param( [Parameter(Mandatory=$true)] [string]$UserLoginID)
        Write-Host $UserLoginID
        #Search the User in every domain of the current forest
        $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
        foreach ($ForestDomain in $Forest.Domains)
        {
            $Context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $ForestDomain.Name)
            $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)

            $Root = $Domain.GetDirectoryEntry()
            $Search = [System.DirectoryServices.DirectorySearcher]$Root
            $Search.Filter = "(&(objectCategory=User)(samAccountName=$UserLoginID))"
            $Result = $Search.FindOne()

            if ($Result -ne $null)
            {
                return $true
            }
        }
        return $false
    }

    #Get all Site Collections of the web application
    $WebApp = Get-SPWebApplication $WebAppURL

    #Iterate through all Site Collections
    Foreach($Site in $WebApp.Sites)
    {
        #Get all Webs with Unique Permissions - Which includes Root Webs
        $Site.AllWebs | Where-Object {$_.HasUniqueRoleAssignments -eq $True} | ForEach-Object {
            $OrphanedUsers = @()
            #Iterate through the users collection of the current web ($_)
            ForEach($User in $_.SiteUsers)
            {
                #Exclude Built-in User Accounts , Security Groups
                if(($User.LoginName.ToLower() -ne "nt authority\authenticated users") -and
                   ($User.LoginName.ToLower() -ne "sharepoint\system") -and
                   ($User.LoginName.ToLower() -ne "nt authority\local service") -and
                   ($User.IsDomainGroup -eq $false))
                {
                    $UserName = $User.LoginName.Split("\")  #Domain\UserName
                    $AccountName = $UserName[1]             #UserName
                    if ((Check-UserExistsInAD $AccountName) -eq $false)
                    {
                        Write-Host "$($User.Name)($($User.LoginName)) from $($_.URL) doesn't exist in AD!"

                        #Make a note of the Orphaned user
                        $OrphanedUsers += $User.LoginName
                    }
                }
            }

            # ****  Remove Users ****#
            # Remove the Orphaned Users from the site (kept commented out so the script only reports;
            # this block must stay inside the ForEach-Object block, where $_ is the current web)
            # foreach($OrpUser in $OrphanedUsers)
            # {
            #     $_.SiteUsers.Remove($OrpUser)
            #     Write-Host "Removed the Orphaned user $($OrpUser) from $($_.URL) "
            # }
        }
    }


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
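The question itself is where the stale record lives. In SharePoint 2010 each site collection keeps its own hidden User Information List (the root web's SiteUsers collection), so the old login can survive there in every site collection the user ever touched, independently of AD. The script below is an added example, not part of the original answer or of any Microsoft script: it walks every site collection of a web application, reports each User Information List entry that matches the old login name or the display name the people picker still shows, and only removes the entries whose login equals the old account when you explicitly flip `$RemoveOldLogin` to `$true`. The web application URL, the old login name and the display name are placeholder assumptions; replace them with your own values.

```powershell
# Added example (not from the original answer): locate, and optionally remove,
# a stale user record in each site collection's User Information List.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL      = "https://intranet.example.com"   # assumption: your web application
$OldLoginName   = "CONTOSO\jdoe_old"               # assumption: the account the user had years ago
$DisplayName    = "Doe, John"                      # assumption: the name SharePoint still shows
$RemoveOldLogin = $false                           # report only; set to $true to delete the old records

# Let SharePoint dispose the SPSite/SPWeb objects opened while enumerating.
Start-SPAssignment -Global
$Found  = @()
$WebApp = Get-SPWebApplication $WebAppURL

foreach ($Site in $WebApp.Sites) {
    # The User Information List is stored once per site collection, in its root web,
    # so the root web's SiteUsers collection is the record we need to inspect.
    foreach ($User in $Site.RootWeb.SiteUsers) {
        if ($User.IsDomainGroup) { continue }    # AD groups are never the orphan here
        if (($User.LoginName -ieq $OldLoginName) -or ($User.Name -ieq $DisplayName)) {
            $Found += New-Object PSObject -Property @{
                SiteUrl   = $Site.Url
                UserID    = $User.ID
                LoginName = $User.LoginName
                Name      = $User.Name
                Email     = $User.Email
            }
        }
    }
}
Stop-SPAssignment -Global

# One line per matching record; a site collection where the user came back with the
# new account typically shows two rows, and the one carrying the old login is the orphan.
$Found | Format-Table SiteUrl, UserID, LoginName, Name, Email -AutoSize

if ($RemoveOldLogin) {
    # Only records whose login is exactly the old account are removed; a display-name
    # match alone is never enough, because the new account may use the same name.
    foreach ($Record in ($Found | Where-Object { $_.LoginName -ieq $OldLoginName })) {
        Remove-SPUser -Identity $Record.LoginName -Web $Record.SiteUrl -Confirm:$false
        Write-Host "Removed $($Record.LoginName) from $($Record.SiteUrl)"
    }
}
```

Run it once in report mode and keep the table as your record of which site collections held the old entry before deleting anything. Note that the User Profile Service Application stores profiles separately from the per-site User Information Lists; if the old name also appears in the profile store, that record has to be handled in the profile service, which this example does not touch.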

