Wednesday, June 2, 2021

Find and Delete Orphaned Users in SharePoint with PowerShell

Orphaned users in SharePoint: in short, SharePoint orphaned users are accounts that have been deleted from Active Directory but still hold permissions on SharePoint sites. Read more here: Find and Delete Orphaned Users in SharePoint

PowerShell to Find and Delete Orphaned Users in SharePoint
With PowerShell we can find and delete orphaned users in SharePoint. Here is the script:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
 
#Parameter
$WebAppURL="http://intranet.crescent.com"
  
#Function to Check if a User exists in AD
Function Check-UserExistsInAD()
{
    Param( [Parameter(Mandatory=$true)] [string]$UserLoginID)
    Write-host $UserLoginID
    #Search the User in every domain of the forest
    $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($ForestDomain in $Forest.Domains)
    {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $ForestDomain.Name)
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
     
        $root = $domain.GetDirectoryEntry()
        $search = [System.DirectoryServices.DirectorySearcher]$root
        $search.Filter = "(&(objectCategory=User)(samAccountName=$UserLoginID))"
        $result = $search.FindOne()
  
        #Found in this domain: no need to search the remaining domains
        if ($result -ne $null)
        {
           return $true
        }
    }
  return $false 
 }
   
#Get the web application
$WebApp = Get-SPWebApplication $WebAppURL
  
#Iterate through all Site Collections
Foreach($site in $WebApp.Sites) 
{
    #Get all Webs with Unique Permissions - Which includes Root Webs
    $site.AllWebs | Where {$_.HasUniqueRoleAssignments -eq $True} | ForEach-Object {
        $Web = $_
        $OrphanedUsers = @()
        #Iterate through the users collection
        ForEach($User in $Web.SiteUsers)
        {
            #Exclude Built-in User Accounts , Security Groups
            if(($User.LoginName.ToLower() -ne "nt authority\authenticated users") -and
               ($User.LoginName.ToLower() -ne "sharepoint\system") -and
               ($User.LoginName.ToLower() -ne "nt authority\local service") -and
               ($User.IsDomainGroup -eq $false))
            {
                $UserName = $User.LoginName.split("\")  #Domain\UserName
                $AccountName = $UserName[1]    #UserName
                if ( ( Check-UserExistsInAD $AccountName) -eq $false )
                {
                    Write-Host "$($User.Name)($($User.LoginName)) from $($Web.URL) doesn't Exist in AD!"

                    #Make a note of the Orphaned user
                    $OrphanedUsers+=$User.LoginName
                }
            }
        }

        # ****  Remove Users ****#
        # Remove the Orphaned Users from the site
        # (kept inside the per-web block so $Web and $OrphanedUsers are still in scope)
        # foreach($OrpUser in $OrphanedUsers)
        #   {
        #        $Web.SiteUsers.Remove($OrpUser)
        #        Write-host "Removed the Orphaned user $($OrpUser) from $($Web.URL) "
        #   }
    }
}



Running this script scans the web application and lists every orphaned user it finds. It works in SharePoint 2010 as well, to find and delete orphaned users.

SharePoint orphaned users cleanup:
The "Remove Users" section of the script is commented out, so the first run only reports. Remove the # tags to un-comment it and run the script again to delete the orphaned users in SharePoint.
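A report-first variant of the same cleanup, added here as an example; it is not part of the original post's script and not a SharePoint cmdlet set. It assumes an on-premises farm where the SharePoint snap-in loads and the server is domain-joined; the function names (Find-OrphanedSPUsers, Remove-OrphanedSPUsers, Test-AccountInAD, Get-SamAccountFromLogin, ConvertTo-LdapFilterValue) and the report path are mine. It goes beyond the script above in four ways: it reads SiteUsers once from each site collection's root web (that collection is site-collection-wide, so walking every subsite is unnecessary), it also understands claims-encoded login names, it escapes the login name before building the LDAP filter and treats a failed domain query as "unknown" rather than "orphaned" (a transient directory error would otherwise strip a live user's access), and it supports -WhatIf so the removal can be rehearsed against the CSV report before it runs.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Escape a value for an LDAP filter (RFC 4515). Backslash goes first so the
# escape sequences added afterwards are not themselves re-escaped.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

# Tri-state AD lookup across every domain in the forest, cached per run so one
# account is not queried once per site collection.
# $true = found, $false = absent in every domain, $null = a lookup failed (unknown).
$script:AdLookupCache = @{}
function Test-AccountInAD {
    param([Parameter(Mandatory=$true)][string]$SamAccountName)
    if ($script:AdLookupCache.ContainsKey($SamAccountName)) { return $script:AdLookupCache[$SamAccountName] }
    $state = $false
    try {
        $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
        foreach ($domain in $forest.Domains) {
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain.GetDirectoryEntry())
            $escaped = ConvertTo-LdapFilterValue $SamAccountName
            $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
            [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
            if ($searcher.FindOne() -ne $null) { $state = $true; break }
        }
    } catch {
        Write-Warning "AD lookup for '$SamAccountName' failed: $($_.Exception.Message)"
        $state = $null
    }
    $script:AdLookupCache[$SamAccountName] = $state
    return $state
}

# Reduce a SharePoint login name to its sAMAccountName. Claims-encoded logins
# (e.g. "i:0#.w|contoso\jdoe") carry the Windows account after the last '|';
# classic logins are plain "contoso\jdoe". Anything else (forms/SAML identities,
# all-users principals) returns $null and is left for manual review.
function Get-SamAccountFromLogin {
    param([Parameter(Mandatory=$true)][string]$LoginName)
    $account = $LoginName.Substring($LoginName.LastIndexOf('|') + 1)
    if ($account -match '^[^\\]+\\([^\\]+)$') { return $Matches[1] }
    return $null
}

# Emit one record per orphaned Windows account found in the web application.
function Find-OrphanedSPUsers {
    param([Parameter(Mandatory=$true)][string]$WebAppUrl)
    $builtIn = @('nt authority\authenticated users', 'nt authority\local service', 'sharepoint\system')
    $webApp = Get-SPWebApplication $WebAppUrl
    foreach ($site in $webApp.Sites) {
        try {
            foreach ($user in $site.RootWeb.SiteUsers) {
                if ($user.IsDomainGroup -or ($builtIn -contains $user.LoginName.ToLower())) { continue }
                $sam = Get-SamAccountFromLogin $user.LoginName
                if ($null -eq $sam) { continue }
                $state = Test-AccountInAD $sam
                if ($state -eq $false) {
                    [pscustomobject]@{ SiteUrl = $site.Url; LoginName = $user.LoginName; DisplayName = $user.Name }
                } elseif ($null -eq $state) {
                    Write-Warning "Skipping $($user.LoginName) in $($site.Url): AD state unknown"
                }
            }
        } finally {
            $site.Dispose()
        }
    }
}

# Write the report first (the audit trail of what is about to change), then remove.
function Remove-OrphanedSPUsers {
    [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]
    param(
        [Parameter(Mandatory=$true)][string]$WebAppUrl,
        [string]$ReportPath = '.\OrphanedUsers.csv'   # assumed location, change as needed
    )
    $orphans = @(Find-OrphanedSPUsers -WebAppUrl $WebAppUrl)
    if ($orphans.Count -gt 0) { $orphans | Export-Csv -Path $ReportPath -NoTypeInformation }
    Write-Host "$($orphans.Count) orphaned user(s) found; report: $ReportPath"
    foreach ($o in $orphans) {
        if ($PSCmdlet.ShouldProcess("$($o.LoginName) in $($o.SiteUrl)", 'Remove orphaned user')) {
            $web = Get-SPWeb $o.SiteUrl
            try { Remove-SPUser -Identity $o.LoginName -Web $web -Confirm:$false }
            finally { $web.Dispose() }
        }
    }
}

# Rehearse with -WhatIf (lists each removal without performing it), then run for real:
# Remove-OrphanedSPUsers -WebAppUrl 'http://intranet.crescent.com' -WhatIf
# Remove-OrphanedSPUsers -WebAppUrl 'http://intranet.crescent.com'
```

Because ConfirmImpact is High, the real run prompts for each account unless -Confirm:$false is passed; the CSV written before the first removal is what you compare against the prompts.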
