Script to Clean up SharePoint User Profiles

On one of my customer's SharePoint 2013 farms, I implemented a cool solution, which leverages the User Profile Service and People Search to create a simple-yet-powerful directory of all the employees in the organization. I based it on Ari Bakker's "People Directory" blog post, which you really should read.

Still, it's garbage in, garbage out, so if your Active Directory is a mess, the People Directory will be a mess, too. So I worked with the customer to target specific OUs for their User Profile Sync, filter out disabled users, and move non-human accounts (such as SQL Service and Farm Service) out of the OU, until the OU contained a much better representation of the company's staff.


But the old profiles weren't being deleted, so you still had service accounts and domain admins listed alongside legitimate employees. You could, of course, go into the User Profile Service App and remove each invalid profile one by one, but the customer wasn't excited about doing that for the 100+ profiles we estimated had to be pruned. We needed to find a way to prune out the invalid profiles quickly and accurately, so I found a PowerShell script and customized it to do the following:


  • Connect to AD and enumerate all users under the OU "OU=CONTOSO CORP Users,DC=Contoso,DC=local"
  • Connect to the User Profile Service App and enumerate all user profiles
  • For each profile,
    • If there is not a corresponding AD user in "OU=CONTOSO CORP Users,DC=Contoso,DC=local", delete the profile from the User Profile database
    • Next

Note: I've commented out the actual "delete" command below, so you can run it in report mode before you try it for real. Run this script on a SharePoint Farm server; the Active Directory PowerShell module (included with RSAT) will also need to be installed. You need to be logged in with elevated permissions; I'd suggest Farm Admin + Local Admin with SPShellAdmin rights.



DISCLAIMER:  Use extreme caution when running this script (or anything else you download from the internet). Try it on a test machine first so you understand how it works. Make a backup of your production farm. You can potentially lose data / profile settings.

Script: Delete-SpecifiedUserProfiles.PS1

#Script: Delete-SpecifiedUserProfiles.PS1

#Add SharePoint PowerShell SnapIn if not already added
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {Add-PSSnapin "Microsoft.SharePoint.PowerShell"}

#Load the Active Directory module (installed with RSAT)
Import-Module ActiveDirectory

#Enumerate all users under the CONTOSO Corporate Users OU
#Note: This requires the AD PowerShell Module from RSAT to be installed
$CorpUsers = Get-ADUser -SearchBase "OU=CONTOSO CORP Users,DC=Contoso,DC=local" -Filter *

#Collect the SAM account names once; stop if the OU query returned nothing,
#otherwise every profile would be flagged for deletion
$CorpSamNames = @($CorpUsers | ForEach-Object { $_.SamAccountName })
if ($CorpSamNames.Count -eq 0) { throw "No AD users found under the CONTOSO CORP Users OU." }

#Uncomment to get a report of AD users in your OU
#$CorpUsers | Export-Csv E:\Scripts\CONTOSO_CorpUsers_OU_011215.csv

#Get UserProfileManager from the My Site Host Site context
$site = New-Object Microsoft.SharePoint.SPSite("http://YourCentralAdmin:PortNumber/")
$ServiceContext = [Microsoft.SharePoint.SPServiceContext]::GetContext($site)
$ProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)
$AllProfiles = $ProfileManager.GetEnumerator()

#Uncomment to get a report of Profiles in your User Profile DB
#$AllProfiles2 = $ProfileManager.GetEnumerator()
#$AllProfiles2 | Export-Csv E:\Scripts\SPProd_Profiles_011215.csv

#Loop through each profile in SharePoint User Profile Database
foreach($profile in $AllProfiles)
{
    $DisplayName = $profile.DisplayName
    $AccountName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value

    #Strip the domain so we can compare SAM account names
    #Keep only the part after the last backslash (removes "CONTOSO\" whatever its length)
    $UserProfileSAMName = ($AccountName -split '\\')[-1]
    write-host $DisplayName "(AccountName: " $AccountName ", SAM Name: " $UserProfileSAMName ")"

    #If a user profile exists but does not reside in the CONTOSO Corporate Users OU, then it must be removed.
    #-notcontains compares case-insensitively, as AD does for SAM account names
    if ($CorpSamNames -notcontains $UserProfileSAMName)
    {
        write-host "---> " $UserProfileSAMName " (" $AccountName ") does not exist under CONTOSO Corp Users OU."

        #Do not delete setup (admin) account from user profiles. Please enter the account name below
        if($AccountName -ne "Contoso\sp_installer")
        {
            #For this example, the actual command to delete the profile has been commented out. We are reporting only.
            # Uncomment if you want to actually delete profiles
            # $ProfileManager.RemoveUserProfile($AccountName);
            #write-host "---> Profile for account " $DisplayName "(AccountName: " $AccountName ", SAM Name: " $UserProfileSAMName ") has been deleted"
            write-host "---> Profile for account " $DisplayName "(AccountName: " $AccountName ", SAM Name: " $UserProfileSAMName ") would be deleted"
        }
    }
}

write-host "Finished."
$site.Dispose()
Download the source code here
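
The matching step of the script, isolated so it can be checked on sample names before it is pointed at a real User Profile database. This is an added example, not part of the original article or its download; the function names (Get-ProfileSamName, New-NameSet, Get-StaleProfileCandidate) and the sample accounts are hypothetical, and the claims-prefix handling assumes the farm may return claims-encoded account names such as "i:0#.w|contoso\jdoe".

```powershell
# Added example, not the original script: pure matching logic, no SharePoint/AD calls.
function Get-ProfileSamName {
    param([Parameter(Mandatory)][string]$AccountName)
    # Drop a claims prefix such as "i:0#.w|" (claims-mode web apps), then "DOMAIN\".
    $name = ($AccountName -split '\|')[-1]
    ($name -split '\\')[-1]
}

function New-NameSet {
    param([string[]]$Name)
    # Case-insensitive set: SAM account names are not case-sensitive in AD.
    $set = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($n in $Name) { if ($n) { [void]$set.Add((Get-ProfileSamName $n)) } }
    ,$set   # leading comma keeps PowerShell from unrolling the (possibly empty) set
}

function Get-StaleProfileCandidate {
    param(
        [Parameter(Mandatory)][string[]]$ProfileAccountName,  # AccountName of each profile
        [Parameter(Mandatory)][string[]]$OuSamAccountName,    # SamAccountName values from Get-ADUser
        [string[]]$ProtectedAccount = @()                     # accounts that must never be removed
    )
    $inOu      = New-NameSet $OuSamAccountName
    $protected = New-NameSet $ProtectedAccount
    foreach ($account in $ProfileAccountName) {
        $sam = Get-ProfileSamName $account
        if ($protected.Contains($sam)) {
            $action = 'Protected'          # e.g. the setup account the script skips
        } elseif ($inOu.Contains($sam)) {
            $action = 'Keep'               # matching AD user exists in the OU
        } else {
            $action = 'DeleteCandidate'    # report only; nothing is removed here
        }
        [pscustomobject]@{ AccountName = $account; SamName = $sam; Action = $action }
    }
}

# Constructed sample data (hypothetical accounts), mixing case and a claims-encoded name.
$profiles = 'CONTOSO\KSmith', 'i:0#.w|contoso\jdoe', 'CONTOSO\sql_service', 'Contoso\sp_installer'
$ouUsers  = 'ksmith', 'jdoe'
Get-StaleProfileCandidate -ProfileAccountName $profiles -OuSamAccountName $ouUsers `
    -ProtectedAccount 'Contoso\sp_installer' | Format-Table -AutoSize
```

Piping the same output to Export-Csv instead of Format-Table gives a candidate list that can be reviewed before the delete line in the script is uncommented.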

What is the impact of deleting a user profile?

First a little context. In the free edition of SharePoint (SharePoint Foundation), there is no User Profile Service App. So this means that the first time a new user logs in, a local profile is created and stored in the site collection, along with certain of the user's properties pulled from Active Directory. If you click on a user's name (e.g. in the "Created by" field next to a document) you will be taken to their site collection profile page. That's how it works in Foundation. In Standard and Enterprise, it works this way too, unless you create a User Profile Service App. Once a UPSA is associated with the farm, clicking a user's name will take you to their UPSA profile, typically located in the webapp that is hosting MySite / Newsfeed / OneDrive.


If you delete a UPSA profile, the identity link for that user reverts back to using their site collection profile. This is a good thing. It means you won't lose the metadata associated with a document or item if it happened to be created by that user.


So let's say you deleted a profile by accident.

Let's say this is your scenario:


  • User Karen Smith AD user account (CONTOSO\ksmith) is located in CONTOSO CORP Users OU.
  • User Profile AD sync has generated a UPSA profile for her and is synching properties
  • She has logged in to https://portal.contoso.com
  • She clicked on her OneDrive for Business link, taking her to https://my.contoso.com (this also kicked off a timer job to create a MySite site collection for the user, to host her OneDrive files)
  • She has authored documents.
  • She has put documents in her OneDrive for Business site.
  • She has gone to her "About Me" link and edited her profile, updating her Profile picture.
  • Move CONTOSO\ksmith back into the OU
  • Kick off a sync of the User Profile Connection

The next time Karen logs in, she won't see anything different until she clicks on one of the three "mysite" links beside her name. There she'll see the same welcome message she saw the first time, because she's being treated as a new profile. The MySite creation timer job kicks off, but instead of creating a new site collection, she is relinked with her old site collection, so OneDrive shows the same documents she had in there before.


However, any customization she did to her profile (i.e. the profile pic) is now erased, and must be done again.


That's as far as my testing of this scenario went, so other than possible user confusion, I did not see any other adverse symptoms. It won't affect any actual AD objects or security, but it will remove profiles. MySites will not be deleted.


Still, it's probably best to avoid deleting user profiles if you don't have to, which is why I was very careful running this script in production (see Disclaimer above).


I originally posted this article to the Alaska SharePoint User Group blog, here: http://www.akspug.org/Blog/Post/96/Script-to-Clean-up-User-Profiles


Translated from: https://www.experts-exchange.com/articles/28971/Script-to-Clean-up-SharePoint-User-Profiles.html
