SharePoint: The complete guide to user profile cleanup – Part 1

Part 1: High-level Concepts

If you have certain users that still show in the organization chart web part or "people search" results after being deleted or disabled in Active Directory, then it's likely that the process to automatically clean up those user profiles is not working.

Throughout the lifetime of SharePoint, there have been several changes to how user profiles are imported and how they are automatically cleaned up when they fall out of scope.

In upcoming posts, I will cover them all, for each currently-supported version of the product. However, I think it's best to cover a few high-level topics that apply to all versions and all profile sync methods first.

 

Out of Scope:

When I say that a user is "out-of-scope" for profile sync, it simply means that the current sync configuration excludes them, which can be due to one of the following factors:

  • OU / Container Selection: the user does not exist in the containers you have selected for sync.
  • Connection Filters: The current sync connection filters exclude the user.
  • Deletion: The user has been deleted from Active Directory or whatever directory store you're importing from.

 

Unmanaged Profiles:

Unmanaged profiles are simply that: user profiles that exist in the User Profile Service Application (UPA), but are not being managed by the sync. These are also known as "stub" profiles, or "non-imported" profiles. Typically, the reason that these profiles are "unmanaged" is because they are "out-of-scope" for the sync for one of the reasons above. I covered this topic in detail in a previous post here: https://blogs.technet.microsoft.com/spjr/2018/11/21/sharepoint-all-about-non-imported-user-profiles/

 

Cleanup process:

Assuming we're talking about managed profiles (those imported by the Profile Sync / Import), the process goes like this:

  • The Sync imports the user profile.
  • Later the user falls "out-of-scope" for one reason or another as covered above.
  • At this point, the Sync marks the profile for deletion, but does not actually delete anything. The profile should show in the "Profiles Missing from Import" view in the UPA | Manage User Profiles.
  • The "My Site Cleanup Job" timer job processes the profiles that are marked for deletion and actually deletes them. It also schedules the users personal site (mysite) for deletion, but that's a separate topic…

 

Depending on the version and import method used, there are different factors in play and issues to be aware of. To avoid one gigantic and confusing post, I have chosen to split these topics out by SharePoint version.

Part 2: SharePoint 2010

Part 3: SharePoint 2013

Part 4: SharePoint 2016