I've been asked to create a solution which detects dead accounts and cleans them up from a SharePoint site.
I found a code snippet here (in the comments) which checks each user against the AD and cleans up the account. But the LDAP details are hardcoded in the code. What happens if I want to detect it dynamically and check the dead accounts? Is there a more elegant solution to do this?
Any ideas?
I looked at the code and it does NOT use LDAP at all. There are no authentication details anywhere in the code. All the code assumes is that an Administrator is running it from the server. It iterates the site collection users and removes them all.
This doesn't check for dead accounts. For that you'd have to check the value of web.SiteUsers[offsetIndex].ID against your LDAP database for suspended and/or deleted users and then ONLY remove those users.
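One way to do the check described in the answer above, as an added example (it is not the snippet the question refers to). It assumes the SharePoint server object model, a single AD domain, and site logins that map to sAMAccountName; the class name and the `/remove` switch are made up for illustration. It reports by default and removes only users it has flagged as deleted or disabled.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using Microsoft.SharePoint;

class DeadAccountReport
{
    // Usage: DeadAccountReport.exe <siteUrl> [/remove]   (run on the farm as an administrator)
    static void Main(string[] args)
    {
        bool remove = args.Length > 1 && args[1] == "/remove";
        var dead = new List<int>();

        // No server, container or credentials given: binds to the current domain
        // of the account running the tool (single-domain assumption).
        using (var ad = new PrincipalContext(ContextType.Domain))
        using (var site = new SPSite(args[0]))
        using (var web = site.OpenWeb())
        {
            foreach (SPUser user in web.SiteUsers)
            {
                if (user.IsDomainGroup || user.IsSiteAdmin) continue;

                // Strip a claims prefix such as "i:0#.w|", then the "DOMAIN\" part.
                string login = user.LoginName.Substring(user.LoginName.LastIndexOf('|') + 1);
                int slash = login.IndexOf('\\');
                if (slash < 0 || login.StartsWith("NT AUTHORITY", StringComparison.OrdinalIgnoreCase)
                              || login.StartsWith("SHAREPOINT", StringComparison.OrdinalIgnoreCase))
                    continue; // built-in or non-Windows identity, never a candidate

                // A directory outage throws here, so it cannot be mistaken for "deleted".
                using (var p = UserPrincipal.FindByIdentity(
                           ad, IdentityType.SamAccountName, login.Substring(slash + 1)))
                {
                    string state = p == null ? "deleted" : p.Enabled == false ? "disabled" : null;
                    if (state == null) continue;
                    Console.WriteLine("{0}\t{1}\t{2}", user.ID, user.LoginName, state);
                    dead.Add(user.ID);
                }
            }
            // Remove only the flagged users, and only when asked to.
            if (remove)
                foreach (int id in dead) web.SiteUsers.RemoveByID(id);
        }
    }
}
```

Run it without `/remove` first and review the tab-separated report before deleting anything.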
Related
I'm creating an Application to access my Mail
so far everything works fine.
My app has only Mail.ReadWrite, and I didn't find anything related to preventing deletion of a message or preventing DELETE requests to my app.
This page is only about how to delete a message, but there's nothing about how to prevent users from doing so.
https://learn.microsoft.com/en-us/graph/api/message-delete?view=graph-rest-1.0&tabs=http
So is there any way I can prevent or limit the user from deleting messages (mails)?
Thanks.
Thanks for reaching out. To my knowledge there isn't currently a way to prevent delete requests once the Mail.ReadWrite permission has been granted to the app. Would you consider filing a feature request on the M365 Developer Platform so we can look into this?
Let me know if this helps and if you have further questions.
We are using Harmon.ie for Outlook to save e-mails and documents in SharePoint sites. Recently we started to use Planner and Groups, and we want to use Harmon.ie to save documents and emails into group sites. In Harmon.ie there is an option to enable group sites. We have done that. When doing this, an Office 365 Global admin must give consent. We have also done that. However, when a user tries to access them, they are not allowed to. According to the documentation, something needs to be set up on Azure giving the app proper Graph access.
The question is: how do we do this? Has anyone else got this to work? When we access the app on Azure there is not much we can do.
We are stuck! Any help will be much appreciated.
There are different ways to solve this. Harmon.ie also allows you to connect to teams & groups - and I suppose this is what you tried to do. We also did this. It was a little bit complex - but after some communication with the harmon.ie support, we got it working.
However, I am proposing a different way to solve your problem. Why? Currently, the problem with this teams and groups connection is, that you are not getting all the functionality of normal site connection (if you connect a SharePoint site to: https://www.harmon.ie). You are only going to see the documents library of your office group - and nothing else. But as an office group just uses a normal SharePoint Site, you could also have other libraries created.
What you can do is:
1. get the site URL (every Office group has a SharePoint site behind it)
2. and book it into harmon.ie manually
You will then have access to the document libraries.
For this solution, you do not need any additional configuration of teams and groups access.
I always get "Call restricted to workspace admins" when using the remove user API. Is there any way to work around this and remove a user from the API?
Also, when I add someone using the addUser API they are added as a Guest. Is there any way to make them a member?
There is no way to work around having to be an admin to POST to /workspaces/workspace-id/removeUser. This is by design as it could cause security issues if everyone was capable of deleting users in a workspace.
When adding a user with the API, they will be added as a member if the new user's email address matches the domain of the workspace. If it doesn't match, they will be added as a guest.
I have a little problem. In my application users are authenticated via Azure AD and their user profile is in DocumentDB.
When an administrator deletes a user profile, I need to force log out the deleted user.
How do I do it? The delete action deletes the AD and DocumentDB entries.
Based on the description, you want to sign out the users after the administrator deletes the user's profile from DocumentDB.
If I understood correctly, it is more like building a real-time application that notifies the specific client when the delete action is performed. I am trying to explain it using a figure below:
And for building the real-time application, we can use SignalR. You can find more detail about it from the links here.
Another solution for preventing the deleted users from accessing the protected resources is to check it before the users access the resources.
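The per-request check suggested in the answer above, as an added example that is not from the original thread. It assumes an ASP.NET Core application that keeps a cookie session after the Azure AD sign-in; `IUserProfileStore` and `DeletedUserGate` are hypothetical names, the former standing in for a lookup against the DocumentDB profile collection.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

// Hypothetical abstraction over the application's DocumentDB profile collection.
public interface IUserProfileStore
{
    Task<bool> ExistsAsync(string objectId);
}

public class DeletedUserGate
{
    // Azure AD object id, under its mapped and its raw claim name.
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private readonly RequestDelegate _next;

    public DeletedUserGate(RequestDelegate next) { _next = next; }

    public async Task InvokeAsync(HttpContext context, IUserProfileStore profiles)
    {
        if (context.User.Identity?.IsAuthenticated == true)
        {
            string oid = context.User.FindFirst(ObjectIdClaim)?.Value
                         ?? context.User.FindFirst("oid")?.Value;

            // Fail closed: no object id or no profile means the session is ended.
            if (oid == null || !await profiles.ExistsAsync(oid))
            {
                await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return;
            }
        }
        await _next(context);
    }
}

// Registration (after authentication, before the endpoints):
//   app.UseAuthentication();
//   app.UseMiddleware<DeletedUserGate>();
```

Because the lookup runs on every authenticated request, a deleted profile is rejected on the user's next call even if no real-time notification reached the client.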
I have to import a lot of old data into SharePoint. In this data, I need to create a lot of users who are no longer in AD. Does anyone have any idea how to do that?
Cheers
The options I can come up with:
Recreate the users in Active Directory and disable the accounts
Attribute the files to a generic account
Tie into a SQL database for user accounts in addition to Active Directory
On a side note, I've seen it to be a best practice to never delete users from Active Directory due to issues like these. Instead, just disable the accounts and move them to an out-of-the-way OU.
I don't think this is possible as you are really trying to create orphaned users. Better just revert these users to the System Account - that is what I did when I last migrated a SharePoint 2003 farm to MOSS 2007.
You can use CSVDE to import a comma separated file, or dsadd command to add each user. See this link for details.