SharePoint 2010 User Profile Synchronization and AD Account Deletion

Recently I’ve been asked about what happens to accounts deleted from Active Directory with respect to SharePoint 2010 User Profiles, and the User Profile Synchronization service instance.

Let’s take a simple scenario of an AD (SharePoint Users) which contains 60 users; this will be used by our SharePoint Synchronization Connection. Once we’ve run an Incremental Synchronization, all is good: we see all of these users in UPA Management and also within Manage User Profiles (there are 61 because there is also a profile for the Administrator account).

So far so good, nothing out of the ordinary. We now go ahead and delete all the test user accounts in AD (let’s say a few users) and run another Incremental Synchronization.

During the DS_DELTAIMPORT phase of synchronization, the deleted accounts are removed from the metaverse (Sync DB).

What will happen here is that during the first incremental synchronization after the accounts are deleted from AD, the user profiles will be marked for deletion in the Profile database.

This is important. It is also a common misconception that a full synchronization is required. The profiles still exist in the Profile DB and are simply marked for deletion. This, aside from being confusing in the UI, can lead to problems in custom code that does something based upon the total number of profiles. It doesn’t matter how many times we run a sync; the total number of profiles will remain the same.

In order to actually delete the profiles, we must run the My Site Cleanup Timer job. This job will delete the profiles marked for deletion and therefore once complete make the count tally with the number of usable profiles. The My Site Cleanup Job is scheduled to run hourly by default (and I strongly recommend you do not change this, for once, entirely reasonable default). An important point to note is that this job requires a My Site Host to be configured on the UPA, even if you are not using My Sites. If there is no My Site Host configured the job will fail and the profiles marked for deletion will never be deleted.
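The two preconditions described above (a My Site Host configured on the UPA, and the cleanup job enabled and running) can be checked from the SharePoint 2010 Management Shell. This is an added example, not code from the original post; the function name `Test-ProfileCleanupReadiness` and the site URL are placeholders, and locating the job by its display name is an assumption.

```powershell
# Added example: run in the SharePoint 2010 Management Shell as a UPA administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

function Test-ProfileCleanupReadiness {   # hypothetical helper name
    param([string]$SiteUrl)

    $context = Get-SPServiceContext -Site $SiteUrl
    $upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

    # The cleanup job fails without a My Site Host, so read the configured URL first.
    try { $hostUrl = $upm.MySiteHostUrl } catch { $hostUrl = $null }

    # Assumption: the job is found by its display name; adjust the pattern if needed.
    $job = Get-SPTimerJob |
        Where-Object { $_.DisplayName -like "*My Site Cleanup*" } |
        Select-Object -First 1

    $jobDisabled = $null
    $lastRun = $null
    if ($job -ne $null) {
        $jobDisabled = $job.IsDisabled
        $lastRun = $job.LastRunTime
    }

    New-Object PSObject -Property @{
        ProfileCount   = $upm.Count   # compare before and after the job runs
        MySiteHostUrl  = $hostUrl
        MySiteHostSet  = (-not [string]::IsNullOrEmpty($hostUrl))
        JobFound       = ($job -ne $null)
        JobDisabled    = $jobDisabled
        JobLastRunTime = $lastRun
    }
}

# Placeholder: any site in a web application associated with the UPA.
$siteUrl = "http://sharepoint.example.local"
$state = Test-ProfileCleanupReadiness -SiteUrl $siteUrl
$state | Format-List

if (-not $state.MySiteHostSet) {
    Write-Warning "No My Site Host configured: profiles marked for deletion will never be removed."
} elseif ((-not $state.JobFound) -or $state.JobDisabled) {
    Write-Warning "My Site Cleanup job not found or disabled: deleted accounts keep their profiles."
}
```

A stale `JobLastRunTime` with the job enabled points at a failing job; check the timer job history in Central Administration.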

Hope this helps 🙂
