Once an organization has installed and run SharePoint for some time, many natural tendencies are going to be noticed by users. One of these is the appearance of users that are no longer with the firm still appearing inside SharePoint groups, member lists, and various other locations. Their Active Directory profile may not show up any more; however, their SharePoint profile continues to linger on. These accounts are often termed as “dead” or “orphaned” accounts. The reason they exist when their AD account no longer exists is contributed to how SharePoint handles the creation of SharePoint profiles. SharePoint does require some form of authentication to first enter the system. This is usually an Active Directory authentication model, but can also include forms-based models, and now with the SharePoint 2010, claims-based models. Regardless of the authentication means, once a user enters the SharePoint environment, SharePoint creates a profile that is completely disjointed from the authentication model. At this point, modifications can be made to the authentication form that is not going to trickle to the SharePoint profile, this includes the deletion of unused or ‘dead’ accounts. Because SharePoint has no concept of a ‘dead’ account, there’s no native means to eliminate these accounts. If your organization experiences high-turnover; it’s recommended that a 3rd party tool be considered.
ReTweet this Tip!
Dec 13 2010, 08:00 AM