Clean orphaned users

In time, you will be adding and removing users from the Active Directory (AD) associated with your SharePoint or Microsoft 365 environments.

When you remove users from AD, they become orphaned users, and their permissions remain even though they no longer have access to your environment.

Removing these permissions through Clean orphaned users is recommended to:

• Avoid returning users from having access to old content they worked on before they left.
  For example, a contractual employee comes back to work on a new project, you reactivate his AD account, and he suddenly has access to old project files he worked on before.
• Keep your permissions more organized and manageable.

Index

• Prerequisite(s)
• How-To
• Considerations

Prerequisite(s)

• You have site collection admin permissions on your targeted site collection(s).
• You are connected to your site collection(s), Microsoft 365 Admin center, or SharePoint central admin.

Note: Site collection admin permissions are required even if you have higher admin privileges like SharePoint admin or Global admin permissions. For more information, click here.

Tip: To manage all your site collections, you can connect to your central admin or admin center with SharePoint admin, Farm admin, or Global admin permissions.

How-To

1. Select the item you would like to act on from the Explorer.
2. Select Clean orphaned users in the Quick actions menu.
3. Select All orphaned users or Specific users (allows you to search for or select a specific user) from the dropdown.
4. Click to run the action immediately.
5. Click to schedule the action to run at a later time.
6. You can find the results, including warnings and errors, in the Tasks screen.

Considerations

• Clean orphaned users will not remove the assigned metadata within your lists and libraries. For example, if an orphaned user is the creator of a library, their name will still show in the Created by field after running this action.
• If you use a custom authentication provider, orphaned users detection will not be available because the ShareGate migration tool communicates with the authentication provider to determine if the user account is still available.
• External users can be temporarily flagged as orphaned users when created due to a short time lapse between Azure Active Directory and SharePoint that prevents synchronization.
• If you want to clean all your orphaned users, we recommend running an Orphaned user report on your target first. The report ensures that the ShareGate migration tool detects the Orphaned Users correctly before the Clean action runs.

Training video: For more info, watch Clean orphaned users.