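An orphaned user is an account that still exists in a SharePoint site but can no longer access SharePoint. This happens when the account has been deleted or disabled in Active Directory. Such entries keep their group memberships and direct permissions in the site until someone removes them, which is why they are worth finding.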
In this post, we first retrieve all users from the User Information List of the site collection, and then check whether each of those users is still valid in Active Directory.
The image below shows all the users present in the User Information List of the site collection. You can open the User Information List by navigating to "<site URL>/_catalogs/users/detail.aspx".
Add the below code.
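using System;
using System.Net;
using Microsoft.SharePoint.Client;

namespace OrphanUser
{
    /// <summary>
    /// Console tool that walks the User Information List of a site collection and
    /// prints every user entry that the SharePoint people picker can no longer resolve.
    /// </summary>
    class Program
    {
        // Site collection that is audited when no URL is passed on the command line.
        // Prefer an https:// URL where the farm offers one, so authentication traffic is protected.
        private const string DefaultSiteUrl = "http://portal/sites/site1";

        // Display names of built-in principals; these are skipped because they are not directory accounts.
        private static readonly string[] BuiltInPrincipalNames =
        {
            "NT AUTHORITY\\authenticated users",
            "Helpdesk Administrator",
            "Everyone except external users",
            "SharePoint\\SYSTEM",
            "Everyone",
            "SharePoint App",
            "System Account"
        };

        /// <summary>
        /// Entry point: loads the User Information List, filters out groups and built-in
        /// principals, and runs the orphan check on every remaining entry.
        /// </summary>
        /// <param name="args">Optional; args[0] overrides the site collection URL.</param>
        static void Main(string[] args)
        {
            string siteUrl = DefaultSiteUrl;
            if (args != null && args.Length > 0 && !string.IsNullOrWhiteSpace(args[0]))
            {
                siteUrl = args[0];
            }

            using (ClientContext ctx = new ClientContext(siteUrl))
            {
                // Authenticate as the Windows account that runs the tool, so no password is
                // stored in source code. If a dedicated audit account is required, read its
                // secret from a credential store or prompt for it at run time instead of
                // writing it into this file.
                ctx.Credentials = CredentialCache.DefaultNetworkCredentials;

                Web web = ctx.Web;
                ListItemCollection itemColl = web.SiteUserInfoList.GetItems(new CamlQuery());
                ctx.Load(itemColl, items => items.Include(item => item.FieldValuesAsText, item => item.Id, item => item.DisplayName));
                ctx.ExecuteQuery();

                foreach (ListItem itm in itemColl)
                {
                    string displayName = itm.DisplayName;

                    // Built-in principals are filtered first; this avoids a server round trip for them.
                    if (IsBuiltInPrincipal(displayName))
                    {
                        continue;
                    }

                    if (!IsUserPrincipal(ctx, web, displayName))
                    {
                        continue;
                    }

                    GetOrphanedUsers(ctx, web, displayName);
                }
            }
        }

        /// <summary>
        /// Returns true when the display name belongs to a built-in principal that must not
        /// be reported. The comparison is ordinal and case-insensitive, so the result does
        /// not depend on the culture of the machine that runs the tool.
        /// </summary>
        private static bool IsBuiltInPrincipal(string displayName)
        {
            if (string.IsNullOrEmpty(displayName))
            {
                return false;
            }

            foreach (string name in BuiltInPrincipalNames)
            {
                if (string.Equals(displayName, name, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return displayName.StartsWith("nt authority\\", StringComparison.OrdinalIgnoreCase)
                || displayName.IndexOf("_spo", StringComparison.OrdinalIgnoreCase) >= 0;
        }

        /// <summary>
        /// Returns true when the entry can be loaded as a user through EnsureUser.
        /// Any failure is treated as "not a user" (for example a group), and is written
        /// to standard error so that a skipped entry is visible in the audit output.
        /// </summary>
        private static bool IsUserPrincipal(ClientContext ctx, Web web, string displayName)
        {
            try
            {
                // EnsureUser adds the principal to the site when it resolves and is not yet
                // present; entries read from the User Information List already exist there.
                // NOTE(review): an account that was deleted from the directory may fail here
                // and be skipped before the orphan check runs - verify against your farm.
                User user = web.EnsureUser(displayName);
                ctx.Load(user, u => u.LoginName);
                ctx.ExecuteQuery();
                return true;
            }
            catch (Exception ex)
            {
                Console.Error.WriteLine("Skipped '" + displayName + "': not resolved as a user (" + ex.Message + ")");
                return false;
            }
        }

        /// <summary>
        /// Searches the people picker for <paramref name="userValue"/> and prints the name
        /// when the search returns no match.
        /// </summary>
        /// <param name="ctx">Client context of the audited site collection.</param>
        /// <param name="web">Web of the audited site; kept for callers, not used by the lookup.</param>
        /// <param name="userValue">Display name to look up.</param>
        public static void GetOrphanedUsers(ClientContext ctx, Web web, string userValue)
        {
            var query = new Microsoft.SharePoint.ApplicationPages.ClientPickerQuery.ClientPeoplePickerQueryParameters
            {
                AllowEmailAddresses = false,
                AllowMultipleEntities = false,
                ForceClaims = false,
                MaximumEntitySuggestions = 50,
                PrincipalType = Microsoft.SharePoint.Client.Utilities.PrincipalType.All,
                PrincipalSource = Microsoft.SharePoint.Client.Utilities.PrincipalSource.All,
                // The search runs on the display name, so another principal with a similar
                // name can produce a match - presumably hiding an orphan; confirm results.
                QueryString = userValue,
                AllUrlZones = false,
                SharePointGroupID = 0,
                WebApplicationID = Guid.Empty
            };

            ClientResult<string> resultInfo;
            try
            {
                resultInfo = Microsoft.SharePoint.ApplicationPages.ClientPickerQuery.ClientPeoplePickerWebServiceInterface.ClientPeoplePickerSearchUser(ctx, query);
                ctx.ExecuteQuery();
            }
            catch (Exception ex)
            {
                // A failed lookup says nothing about the account, so it must not be
                // reported as orphaned; report the failure and leave the entry unclassified.
                Console.Error.WriteLine("Lookup failed for '" + userValue + "', entry not classified (" + ex.Message + ")");
                return;
            }

            if (resultInfo == null || resultInfo.Value == null || resultInfo.Value == "[]")
            {
                Console.WriteLine(userValue + " is an Orphan user");
            }
        }
    }
}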
Result
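The output lists only the user accounts that have been deleted or disabled in Active Directory. Because the check is a people-picker search on the display name, treat the list as candidates and confirm each account in Active Directory before removing it from the site.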