Remove Bulk users from User Information List (people picker)


This post will describe how you can remove users in bulk using a PowerShell script and a simple CSV file.

In SharePoint 2010, the people picker retrieves data from multiple sources.

– The Site Collection’s User Information List (UIL);
– Active Directory.

Deleting a user from Active Directory does not mean the user is no longer searchable in SharePoint. In fact, if you look for this person in the people picker, you will probably still find him/her. Because the data is pulled from different sources, there may be several causes for this.

Assuming the user is really deleted from the Active Directory, I will give you some pointers as to how to “delete” the users from the People picker.

Scenario
I have a user called Kim Akers in my Contoso environment. She has permissions on several sites/subsites, and placed documents and list items in multiple places.


She also has a MySite.


For some reason, Kim is fired. The Active Directory administrators remove her account from Active Directory.

However, when I look at the People Picker in SharePoint, I can still find this user.


Why is this happening?

Every user that is given direct permissions, or has logged in to SharePoint, will be added to the Site Collection’s User Information List. This is a hidden list that you can access by going to your site collection’s URL and adding /_catalogs/users/simple.aspx. For instance: http://portal.contoso.com/_catalogs/users/simple.aspx.

This will show a list of all users that have logged in on your SharePoint. Sure enough, Kim can still be found here, even though her account has been deleted in Active Directory.


Solution

To remove the user from the information list, you can use the GUI. If you want more information on how to do this, read this article. Also, make sure the profile for this user is not in the Profile Database. You can remove users from the Profile Database directly by going to Central Administration -> Application Management -> Manage Service Application -> Click your User Profile Service Application -> Manage User Profiles -> Find profile by entering the name -> Select the name in the list, and click Delete.

In my case, I wanted to remove a list of users from all site collections, because I am certain that these users will never log in again, and I don’t want them to show in the people picker. The script below will do just that!

param
(
    [Parameter(Mandatory=$true)][ValidateScript({Test-Path $_ -Include "*.csv"})]
    [String]$CSVPath
)

#This script will remove users specified in the CSV.

$CSVFile = Import-CSV $CSVPath
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue

#Get all site collections
$Sites = Get-SPSite -Limit All
$AllSites = @()
foreach($Line in $CSVFile)
{
    foreach($Site in $Sites)
    {
        #Get the rootweb for the site collection
        $RootWeb = $Site.RootWeb
        #Only act on site collections where the user is in the User Information List
        If([bool](Get-SPUser $Line.Username -Web $RootWeb -EA SilentlyContinue) -eq $True)
        {
            #Remove the user from the User Information List
            Remove-SPUser -Identity $Line.Username -Web $RootWeb -Confirm:$False
            $AllSites += $RootWeb.Url
        }
    }
    #Report only when the user was removed from at least one site collection
    if($AllSites.Count -gt 0)
    {
        #Give feedback on deleted users
        Write-Host "Removed user $($Line.Username) from:" -Fore "Magenta"
        foreach($S in $AllSites){Write-Host "- $S"}
        Write-Host ""
        #Reset the list for the next user in the CSV
        $AllSites = @()
    }
}

I save the above text in a .ps1 file called Remove-SPUserBulk.ps1.

Next, I create a CSV file (Users.csv) that will contain all the users that I want to remove. My demo CSV looks like this:

image

As you can see, I added a non-existing account, to show that the script only deletes existing users and that the output is correct. I run the script by going to the location where the Remove-SPUserBulk.ps1 file is located, and entering: .\Remove-SPUserBulk.ps1 -CSVPath "C:\scripts\Users.csv"

Below is the result.

image

Be aware that if the user is a site collection administrator, you will get an error stating you cannot delete the owners of a Web site collection.
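
A read-only pre-flight check for the caveat above, as an added example that is not part of the original post: it reads the same CSV (assumed to have a Username column, as the script above expects), records every site collection where each account is still in the User Information List, and flags site collection administrators so they can be reassigned before the removal script is run. The default report path is a placeholder.

```powershell
# Added example: read-only pre-flight report, nothing is removed.
# Assumes the CSV has a "Username" column, as Remove-SPUserBulk.ps1 expects.
param
(
    [Parameter(Mandatory=$true)][String]$CSVPath,
    # Placeholder output location for the audit report
    [String]$ReportPath = ".\UIL-Preflight.csv"
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue

$Users  = Import-Csv $CSVPath
$Sites  = Get-SPSite -Limit All
$Report = @()

foreach($Line in $Users)
{
    $Found = $false
    foreach($Site in $Sites)
    {
        # Look the account up in this site collection's User Information List
        $User = Get-SPUser -Identity $Line.Username -Web $Site.RootWeb -EA SilentlyContinue
        if($User)
        {
            $Found = $true
            $Report += New-Object PSObject -Property @{
                Username    = $Line.Username
                SiteUrl     = $Site.Url
                IsSiteAdmin = $User.IsSiteAdmin
            }
        }
    }
    if(-not $Found)
    {
        # Keep a row for accounts that exist nowhere, so typos in the CSV are visible
        $Report += New-Object PSObject -Property @{ Username = $Line.Username; SiteUrl = "(not found)"; IsSiteAdmin = $false }
    }
}

# Site collection administrators cannot be removed; surface them first
foreach($B in ($Report | Where-Object { $_.IsSiteAdmin }))
{
    Write-Host "Reassign site collection admin before removal: $($B.Username) on $($B.SiteUrl)" -Fore "Yellow"
}

# Keep the report as a record of what the removal run is expected to touch
$Report | Select-Object Username, SiteUrl, IsSiteAdmin | Export-Csv $ReportPath -NoTypeInformation
Write-Host "Wrote $($Report.Count) rows to $ReportPath"
```

Keeping the generated report alongside the CSV gives a record of which accounts were present in which site collections before they were removed.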

10 thoughts on “Remove Bulk users from User Information List (people picker)”

  1. Pingback: Fatshark's Personal Blog

  2. What if you have the opposite situation and you have an AD account disabled and the person is no longer showing up in the people picker column in SharePoint, what happens to your list items that already have that person listed in them? Will those items not be editable anymore, as it won’t let you save? Or what about trying to upload lists for reporting purposes that have inactive users listed?

  3. I get this error about the file not found. Any Ideas?

    C:\Users\USERNAMEHERE\Desktop\RemoveUsers\Remove-SPUserBulk.ps1 :
    0x80070002
    At line:1 char:24
    + .\Remove-SPUserBulk.ps1 <<<< -CSVPath "E:\Users.csv"
    + CategoryInfo : NotSpecified: (:) [Remove-SPUserBulk.ps1], FileN
    otFoundException
    + FullyQualifiedErrorId : System.IO.FileNotFoundException,Remove-SPUserBul
    k.ps1

  4. Far from perfect – ideally you’ll want the script to check against AD and remove users that no longer exist or were disabled in AD, not generate a manual list every day.

  5. ^ What Alex said. Have you got a script that looks at all SP users then checks AD to see if they still exist? I would also be interested to see what the outcome is of a document library that a user last created/modified in – would their name disappear post deletion in SP or would this only remove them from site permissions lists? Thanks

  6. What if I first would like to copy the permissions of a deleted user to a new existing AD account?

    I have a script that can copy rights of an active user to another active user. It uses GetUserEffectivePermissionInfo to get the permissions, but that does not work for a user that does not exist anymore in the AD.
    Any ideas?

  7. Questions Concerning this:
    1) If you remove a user from the UIL (effectively removing them from people picker), how does that affect documents, lists, pages, etc. that were either created or modified by that user? Do you lose that history, does the field change to “System Account”, or does it remain? And if it remains, does it add anything to indicate that the user is no longer with the company? Red Text, maybe…
    2) Microsoft best practices are to use ‘SharePoint Groups’ instead of giving users direct permissions. If users are not given direct permissions and the groups are used, how is the UIL affected?
