We experienced an issue where the People Picker showed user accounts that had been removed from AD and the UPS. This caused issues with our workflows etc. as users would select the incorrect user from the list. Based on our understanding, the People Picker should only show users from AD, and you can set various filters using STSADM to fine-tune this.
We tried all the different filter options with no luck and eventually got Microsoft involved. After some investigation we found that the People Picker actually shows values from AD AND the hidden user list found on all site collections: http://<site>/_catalogs/users
Now typically the MySite cleanup jobs should fix this and remove these dormant/inactive users from the list, but in our case they seemed to have failed somewhere and did not correct themselves (we have been moving users between domains as part of a reconciliation project for our business units). Our fix came in a PowerShell script to force the removal of these accounts. MS assured us it is a once-off and the cleanup jobs should do the rest in future (call me untrustworthy, but I scheduled the job to run once a week). Just replace <site> with your site collection URL:
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint') | Out-Null

$Spsite = New-Object Microsoft.SharePoint.SPSite('http://<site>')
$UnresolvedUsers = New-Object System.Collections.ArrayList
$IgnoreNonWindowsUsers = $true

# Try to translate every site user's login name to a SID. Accounts that no
# longer exist in AD throw IdentityNotMappedException and are collected.
# (Assumes classic Windows login names of the form DOMAIN\user.)
foreach ($user in $Spsite.RootWeb.SiteUsers) {
    $NTAccount = New-Object System.Security.Principal.NTAccount($user.LoginName)
    try {
        $TranslatedToSidObject = $NTAccount.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        $UnresolvedUsers.Add($user) | Out-Null
    }
}

# Do not remove SHAREPOINT\system
$system = $UnresolvedUsers | where { $_.LoginName.Contains('SHAREPOINT\system') }
$UnresolvedUsers.Remove($system)

# Do not remove non-Windows users (login names without a backslash)
if ($IgnoreNonWindowsUsers) {
    $NonWindowsUsers = New-Object System.Collections.ArrayList
    $UnresolvedUsers | where { -not $_.LoginName.Contains('\') } | % { $NonWindowsUsers.Add($_) | Out-Null }
    $NonWindowsUsers | % { $UnresolvedUsers.Remove($_) }
}

# Report what will be removed and what was deliberately skipped
$UnresolvedUsers | ft -AutoSize LoginName, Name, Email | Out-Default
$NonWindowsUsers | ft -AutoSize LoginName, Name, Email | Out-Default

# Final step (destructive)
$UnresolvedUsers | % {
    #Write-Host "Removing User :" $_.LoginName "..."
    try { $Spsite.RootWeb.SiteUsers.Remove($_.LoginName) }
    catch { Write-Host "The user is not removed" $_.Exception.Message }
}

$Spsite.Dispose()
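Before running the destructive step, it is worth seeing which entries in the hidden user list (the /_catalogs/users list mentioned above) no longer resolve in AD. The following read-only audit is an added example, not the script from the original post; it assumes a SharePoint 2010-era object model, classic Windows authentication (DOMAIN\user login names), and <site> as a placeholder for your site collection URL.

```powershell
# Added read-only audit of the hidden User Information List (example code,
# not the original post's script). Assumes classic DOMAIN\user login names.
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint') | Out-Null

function Test-AccountResolves {
    param([string]$LoginName)
    # Built-in service account: never a candidate for removal
    if ($LoginName -ieq 'SHAREPOINT\system') { return $true }
    # No backslash means a non-Windows account (e.g. forms auth): leave untouched
    if ($LoginName -notlike '*\*') { return $true }
    try {
        $acct = New-Object System.Security.Principal.NTAccount($LoginName)
        $null = $acct.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

$site = New-Object Microsoft.SharePoint.SPSite('http://<site>')   # placeholder URL
try {
    $web = $site.RootWeb
    # SiteUserInfoList is the hidden list exposed at /_catalogs/users;
    # the People Picker reads these entries alongside AD
    $report = foreach ($item in $web.SiteUserInfoList.Items) {
        $login = [string]$item['Name']      # 'Name' holds the account login
        if (-not $login) { continue }
        $inSiteUsers = @($web.SiteUsers | Where-Object { $_.LoginName -ieq $login }).Count -gt 0
        New-Object PSObject -Property @{
            LoginName    = $login
            DisplayName  = [string]$item['Title']
            Email        = [string]$item['EMail']
            ResolvesInAD = Test-AccountResolves $login
            InSiteUsers  = $inSiteUsers
        }
    }
    $stale = $report | Where-Object { -not $_.ResolvesInAD }
    # Keep a record of what the cleanup would touch before anything is deleted
    $stale | Export-Csv -Path '.\stale-people-picker-entries.csv' -NoTypeInformation
    $stale | Format-Table -AutoSize LoginName, DisplayName, Email, InSiteUsers
}
finally {
    $site.Dispose()
}
```

Entries reported with ResolvesInAD = False but InSiteUsers = False remain in the user information list only, so the SiteUsers.Remove call in the cleanup script would not touch them.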