How to query for disabled users in 'People' form control?


Badge +2

Hi All

I've got a 'People' form control that doesn't return any results if the user account is disabled in AD. Once the account is enabled, it appears again in the form control. Is there any way to enable this control to see disabled accounts?

On a side note, the accounts still exist in the SharePoint User Profile Service Application and I can query them in there and see all the attributes. Is there a way to tell the form control to look in the SP UPSA instead of AD directly?

Appreciate any suggestions.


9 replies

Badge +17

Trien,

I don't think this is possible within the control.  That would defeat the purpose of SharePoint utilizing AD to control users.  If you think about it, SharePoint only needs to be aware of active accounts and handle permissions from that aspect.  The control renders only the active accounts and further displays based on what SharePoint hands it. 

Sorry, that may not be the answer you are looking for, but fundamentally, providing inactive users could be a security risk to SharePoint which invalidates AD in the first place from an account management perspective.

Badge +2

Is there any alternative form control I could use that would query the SharePoint UPSA db instead, since the profile is still there? I'm looking to populate user info into fields on a form. For example, if a person leaves for whatever reason (resigns, dies, etc.) their AD account would be disabled, but a form needs to be filled out to have other processes completed. It would be nice not to have to manually type in every field about the user you're filling in the form for.

Badge +17

You could possibly have a PowerShell script that would hit the DB and the workflow would kick that off.  Outside of that, I don't believe that is possible through the normal SharePoint operations.

Badge +2

That's a shame.  I was fiddling with the idea of just having them input the account name, then a workflow would run a web service call to pull in the information afterwards, but these workarounds don't have a nice flow and present other issues as well, such as data validation. The 'People' form control is nice in that it shows you the results while you're filling it in, that way you can be sure you picked the right account.

Thanks for all your suggestions, Eric.

Badge +17

The main concern with that is security. If your expired or deactivated accounts in AD were available via a web service call, then I could potentially hit that, reactivate my account as a disgruntled employee who got fired and wreak havoc on your farm. That's not a good scenario at all, but doable if you were to build out what you were attempting.

That may be a worst case, but not an inconceivable case.

Badge +2

I just want to clarify (and maybe this is getting too far afield).  These disabled AD accounts are still visible as SharePoint user profiles within Central Admin > User Profile Service App > Manage User Profiles.  Although they cannot sign into the portal any longer, the presence of these profiles on the SharePoint side still poses a potential security risk and ideally should be purged? 

What I previously had in mind was to use the "Call Web Service" action to call the userprofileservice.asmx and use the GetUserProfileByName webservice to grab the individual profile properties I was looking to autofill.
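The lookup described in the post above (calling GetUserProfileByName on userprofileservice.asmx and copying selected properties into form fields), as an added example that is not part of the original thread, with the input and output validation the earlier reply was concerned about. The allow-listed property names, the account-name pattern and the sample response are assumptions constructed for illustration; nothing is sent over the network.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "http://microsoft.com/webservices/SharePointPortalServer/UserProfileService"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumed: the only profile properties the form is allowed to autofill.
ALLOWED = {"AccountName", "PreferredName", "Department", "WorkEmail"}
# Assumed account format: NetBIOS domain, backslash, sAMAccountName.
ACCOUNT_RE = re.compile(r"^[A-Za-z0-9.-]{1,15}\\[A-Za-z0-9._-]{1,20}$")

def build_request(account):
    """Return the SOAP envelope for GetUserProfileByName; reject malformed names."""
    if not ACCOUNT_RE.match(account):
        raise ValueError("account must look like DOMAIN\\user")
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>'
            f'<GetUserProfileByName xmlns="{NS}"><AccountName>{escape(account)}'
            f'</AccountName></GetUserProfileByName></soap:Body></soap:Envelope>')

def parse_profile(response_xml, expected_account):
    """Keep only allow-listed properties from a GetUserProfileByName response."""
    root = ET.fromstring(response_xml)
    props = {}
    for pd in root.iter(f"{{{NS}}}PropertyData"):
        name = pd.findtext(f"{{{NS}}}Name")
        if name in ALLOWED:
            values = [v.text or "" for v in pd.iter(f"{{{NS}}}Value")]
            props[name] = "; ".join(values)
    # Refuse to autofill from a profile other than the one that was typed in.
    if props.get("AccountName", "").lower() != expected_account.lower():
        raise LookupError("returned profile does not match the requested account")
    return props

# Constructed sample response (not captured from a real farm).
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>
<GetUserProfileByNameResponse xmlns="{NS}"><GetUserProfileByNameResult>
<PropertyData><Name>AccountName</Name><Values><ValueData><Value>CONTOSO\\jdoe</Value></ValueData></Values></PropertyData>
<PropertyData><Name>PreferredName</Name><Values><ValueData><Value>Jane Doe</Value></ValueData></Values></PropertyData>
<PropertyData><Name>Department</Name><Values /></PropertyData>
<PropertyData><Name>CellPhone</Name><Values><ValueData><Value>555-0100</Value></ValueData></Values></PropertyData>
</GetUserProfileByNameResult></GetUserProfileByNameResponse></soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    print(build_request("CONTOSO\\jdoe"))
    print(parse_profile(SAMPLE, "contoso\\jdoe"))
```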

Badge +4

Hi, I am also facing an issue with the disabled users. We have a form that has multiple stages. Each stage has a person field and the person is selected. However, if any of the previously selected users is disabled in AD, the already submitted form will not save. It appears with a message "Unresolved Entries". While I don't want to select a disabled user, how can I save the form with already submitted data which has a disabled user listed? Any workaround? Has anyone come across a similar scenario?

Badge +2

I think your problem can be solved by changing the settings of your calculated field(s) and setting "Recalculate formula on view mode" and "Recalculate formula on edit mode" to No. This would be the case you mention where you've already selected that account, but it becomes disabled after you've already saved the item. Otherwise you're probably stuck like me and have to call up the info from the SharePoint user profile db afterwards with a web service call of some sort.

Badge +4

Thanks Trien. Ours is not a calculated field; it's an entry field (person). When the form is initially submitted, we select the user. But the form can remain in progress for some time, and meanwhile if the person leaves the company, the account gets disabled. That is when we have the problem. Once the account is disabled, we cannot save the form back after Edit.
