Come Play “Where’s Rob” at SharePoint Events

Robert Bogue January 12, 2008 No Comments

It will be a busy next few months for me. I’ve got a lot of great clients I’m working for, but it’s not that which is going to keep me busy. I’ve got a pretty jam packed conference schedule. I’m sharing it here just in case you want to try to play “Where’s Rob?” (see Where’s Waldo). Here’s the rundown of my Spring:

Date	Event Name	Sessions/Activities
February 1^st-2^nd	Sleepless in Chicago	Trainer/Presenter/Judge? (TBD)
February 4^th-6^th	SharePoint Information Worker Conference 2008	· SharePoint Designer: When should you use it and how? · Connecting Metadata in Office and SharePoint
February 10^th-13^th	Office Developers Conference 2008	· SharePoint Search and Office · Custom Authentication for SharePoint
March 3^rd-6^th	Microsoft Office SharePoint Conference 2008	· [Tentative] SharePoint for the Developer and ITPro
April 20^th-23^rd	SharePoint Connections 2008 Spring	· Workshop: SharePoint Workflows · Connect SharePoint Search and Office · Quick Integration from SharePoint to your Application · Custom Authentication for SharePoint

All of these events have a great set of content that they’re going to be delivering. It’s an amazing thing to see how the amount and depth of the content for SharePoint has grown over the last year. I hope to see you at one of these events.

Import Profiles Only for Active Users

Robert Bogue January 12, 2008 No Comments

While working with a client recently we noticed that they were still seeing disabled accounts in the people search results. That is, generally speaking, bad. But it’s actually pretty easy to fix this with a tweak of the LDAP query being used to generate the profiles. First we have to get there so go to…

Central Administration
Shared Service Provider (the one that hosts user profiles)
User profiles and properties
View import connections
Hover over the connection you want to change’s name and click edit

There’s an option in the Search Settings section titled user filter that probably has in it:

(&(objectCategory=Person)(objectClass=User))

What we want is that plus a part of the query that says not account disabled. It happens that account disabled is a part of the userAccessControl bitmapped field in AD – which means it’s not simple to determine if a bit is set or not. However, it’s possible. There is a technet “Hey, Scripting Guy” article which answers the question “How Can I Get a List of All the Disabled User Accounts in Active Directory?” It turns out the post has in it the magic key we need.

(userAccountControl:1.2.840.113556.1.4.803:=2)

If we wrap this up in a not, and add it to our query we get the results we want. By the way, the funny number in the middle of that statement is just telling LDAP to use a bitwise AND. That means that only items will be returned where the account disabled is set. Since we want the reverse we’ll wrap that up in a not, and we get a query that looks like this:

(&(objectCategory=Person)(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Immediately after doing this and doing a profile import you may be thinking that the disabled users should be gone, unfortunately no. But that’s an artifact of search.

Search doesn’t remove an entry until the entry has been missing for three full imports in a row. The thinking is that a site might be temporarily offline during the index and it would be bad to remove it from the index just for a bit of bad timing. So if you want to delete the user from the search results do three full imports and the users should disappear.

Come Play “Where’s Rob” at SharePoint Events

Import Profiles Only for Active Users

Recent Posts

Public Speaking