SharePoint 2013: Profile synchronization does not delete user profiles

We have configured AD Import in SharePoint 2013 with an LDAP filter set. After some time we discovered that accounts deleted from AD are not automatically deleted from SharePoint.

After a lot of debugging and testing I found the solution:

The LDAP filter is an "Include" filter, so you have to define which accounts should be imported. The filter looked like:

(&(objectCategory=person)(objectClass=user)(!(title=*Service Account*))(|(company=MyCompany1)(company=MyCompany2)))

(Import all accounts which are not service accounts and belong to MyCompany1 or MyCompany2)

You see the issue? Deleted accounts do not match the filter, so they are never handed to the import and SharePoint never learns that they are gone. I had to change the filter to include "isDeleted":

(|(isDeleted=TRUE)(&(objectCategory=person)(objectClass=user)(!(title=*Service Account*))(|(company=MyCompany1)(company=MyCompany2))))

Now deleted accounts are also included, and SharePoint deletes the profiles correctly.
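As an added illustration (not part of the original post), here is a small Python evaluator for the two filters above, run against constructed entries: the account names and attribute values are made up, and the tombstone entry mimics how AD strips most attributes (objectCategory, company, title) from a deleted object while keeping isDeleted=TRUE.

```python
import re

# Constructed sample entries (not real accounts): a live user, a service account
# and a tombstone as AD returns it for a deleted user (only isDeleted=TRUE is left).
ENTRIES = [
    {"objectCategory": "person", "objectClass": "user", "title": "Engineer",
     "company": "MyCompany1", "sAMAccountName": "alice"},
    {"objectCategory": "person", "objectClass": "user", "title": "Backup Service Account",
     "company": "MyCompany1", "sAMAccountName": "svc-backup"},
    {"objectClass": "user", "isDeleted": "TRUE", "sAMAccountName": "bob"},
]

OLD_FILTER = ("(&(objectCategory=person)(objectClass=user)(!(title=*Service Account*))"
              "(|(company=MyCompany1)(company=MyCompany2)))")
NEW_FILTER = "(|(isDeleted=TRUE)" + OLD_FILTER + ")"


def parse(s, i=0):
    """Parse the RFC 4515 filter at s[i]; returns (tree, index after it)."""
    i += 1  # skip '('
    if s[i] in "&|!":  # AND / OR / NOT wrapping nested filters
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip ')'
    end = s.index(")", i)  # simple (attr=value) item; value may contain '*'
    attr, value = s[i:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute names case-insensitive)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    actual = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if actual is None:
        return False  # an absent attribute never matches, as in AD
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, actual, re.IGNORECASE) is not None

def imported(filter_text, entries=ENTRIES):
    """Names of the entries the include filter would hand to AD Import."""
    tree, _ = parse(filter_text)
    return [e["sAMAccountName"] for e in entries if matches(tree, e)]
```

With the original filter only "alice" is imported, so the tombstone for "bob" is invisible to the sync; with the extended filter both are returned and SharePoint can act on the deletion.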

Maybe Microsoft should mention this in the documentation. Currently there is only one sentence regarding the LDAP filter:

If you want to filter the objects that you import from the directory service, in the Filter in LDAP syntax for Active Directory Import box, type a standard LDAP query expression to define the filter.
Source: https://technet.microsoft.com/en-us/library/jj219646.aspx