SharePoint – checking mysites has users in AD
July 2, 2012
One of the most common problems with SharePoint is that, without sitting in Central Administration and going through each site collection, there is no easy way of checking that mysites still have users in AD. I have found that no matter what processes you have for archiving users, a few sites will always get left on the system.
To avoid this, you can automate the check. The first step is to create a batch file that exports the list of site collections to an XML file:
SET STSADM="c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\bin\STSADM.EXE"
%STSADM% -o enumsites -url http://"Site Name" > D:\Tasks\MySiteStats.xml
Then you will need to create a PowerShell script that looks through each site and checks that its owner has a user account in AD:
# Checks that each mysite owner still has a user account in AD

# Returns an object whose Status is "1" if the user exists in AD, "0" if not
Function Check-ADUser
{
    Param ($Username)
    # [ADSI]"" binds to the root of the current domain
    $ADRoot = [ADSI]""
    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher($ADRoot)
    $SAMAccountName = "$Username"
    $ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))"
    $Result = $ADSearch.FindAll()
    If ($Result.Count -eq 0)
    {
        # No such user on the server
        $Status = "0"
    }
    Else
    {
        # User exists on the server
        $Status = "1"
    }
    $Results = New-Object PSObject
    $Results | Add-Member NoteProperty Status $Status
    Write-Output $Results
}

# Reads in the XML file exported from the SharePoint server
[xml] $xmldata = Get-Content D:\tasks\MySiteStats.xml

# Loop over each site record
foreach ($site in $xmldata.sites.site)
{
    # Get the owner field
    $owner = $site.owner
    if ($owner -ne $Null)
    {
        # Trims the owner value so only the username is left
        # (drops the first 12 characters, the prefix in this environment)
        $Username = $owner.Substring(12)
        # Checks in AD
        $Status = (Check-ADUser -Username "$Username").Status
        # If the user does not exist
        If ($Status -eq 0)
        {
            # Emails the helpdesk to log a call to remove the old site
            $emailFrom = "email from address"
            $emailTo = "email to address"
            $subject = "Remove old user from mysites"
            $body = "The user $Username has a mysite but no longer exists in AD. Please archive this site and remove from mysite"
            $smtpServer = "email server"
            $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
            $smtp.Send($emailFrom, $emailTo, $subject, $body)
        }
    }
}
This will only work if your mysites are set to use the username; you will have to modify it if you use the name of the person.
Schedule both of these and you can let the system do the work of auditing the mysites.
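An added example, not part of the original post, that generalizes the script above: it takes the account name from whatever follows the last backslash in the owner field rather than a fixed Substring(12), and escapes the value before it is placed in the LDAP filter. The function names, the -UserExists parameter and the sample XML are assumptions made for illustration; the stub lookup lets it run without a domain.

```powershell
# Added example; function names and sample data are hypothetical.
# Escape RFC 4515 filter metacharacters; backslash goes first so the
# escapes added for the other characters are not escaped again.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

# "DOMAIN\user" -> "user"; works for any domain-name length.
function Get-SamAccountName {
    param([string]$Owner)
    ($Owner -split '\\')[-1].Trim()
}

# True if an AD user with this sAMAccountName exists in the current domain.
function Test-ADUserExists {
    param([string]$SamAccountName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"")
    $safe = ConvertTo-LdapFilterValue $SamAccountName
    $searcher.Filter = "(&(objectClass=user)(sAMAccountName=$safe))"
    $null -ne $searcher.FindOne()
}

# Emits one object per site whose owner fails the lookup.
function Get-OrphanedMySite {
    param([xml]$EnumSites,
          [scriptblock]$UserExists = { param($n) Test-ADUserExists $n })
    foreach ($site in $EnumSites.Sites.Site) {
        if ([string]::IsNullOrEmpty($site.Owner)) { continue }  # no owner recorded
        $sam = Get-SamAccountName $site.Owner
        if (-not (& $UserExists $sam)) {
            New-Object PSObject -Property @{ Url = $site.Url; Owner = $site.Owner }
        }
    }
}

# Constructed sample in the shape of "stsadm -o enumsites" output.
$sample = [xml]@'
<Sites Count="3">
  <Site Url="http://mysites.example.local/personal/asmith" Owner="EXAMPLE\asmith" />
  <Site Url="http://mysites.example.local/personal/bjones" Owner="EXAMPLE\bjones" />
  <Site Url="http://mysites.example.local/personal/nobody" />
</Sites>
'@
# Offline stand-in for the directory: only asmith "exists".
$known = @('asmith')
Get-OrphanedMySite -EnumSites $sample -UserExists { param($n) $known -contains $n }
# Against a real domain, omit -UserExists so Test-ADUserExists queries AD.
```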
I adored your helpful post. Excellent stuff. I hope you release many. I will carry on reading.
Very interesting info! Perfect just what I was searching for!
Some genuinely excellent blog posts on this web site, appreciate it for contribution.