This discussion is archived
1 Reply Latest reply: Nov 9, 2011 11:12 AM by geoff garcia RSS

Disabled User Accounts still searchable in WCI10gR3 portal

maverick_sri Newbie
Currently Being Moderated
Hi Everyone,

We have a Oracle WCI10gR3 portal implementation. We found that accounts of users who have left the company and thier AD accounts are disabled are still searchable in the portal.

We have a custom portlet which shows the profile (Education Details, Years of Experience, Hobbies, etc) of any user when we search for the user. Since the disabled users are searchable, this portlet is also picking up the disabled users.

In our case, disabled account are stored under a folder named Disabled under the Accounts root folder. Our Authentication Source and Profile soure settting are set that all users under Accounts folder of Active Directory are synchronized. The settings are as belows:

User Query Base: OU=Accounts,DC=company,DC=com
User Query Filter: (&(objectcategory=person)(objectclass=user))

I want to know, is there any way, anyone else handles disbled accounts in AD, so that the disabled accounts in the Disabled folder under Accounts folder are not brought into the portal?
  • 1. Re: Disabled User Accounts still searchable in WCI10gR3 portal
    geoff garcia Oracle ACE
    Currently Being Moderated
    We had the same problem.
    To get around it we changed out user query filter to: (&(&(objectCategory=person)(objectClass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    Additionally we brought this issue to the attention of our HR and IT Operations staff who then added a profile property field which we used to determine who to show in our people finder.

    How to import user profile information of enabled user accounts from Active Directory to SharePoint
    http://support.microsoft.com/kb/827754
    "To import user profile information of only user accounts that are enabled, use the (&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2))) LDAP search filter. "

    Best of luck!

    Maverick_Sri wrote:
    Hi Everyone,

    We have a Oracle WCI10gR3 portal implementation. We found that accounts of users who have left the company and thier AD accounts are disabled are still searchable in the portal.

    We have a custom portlet which shows the profile (Education Details, Years of Experience, Hobbies, etc) of any user when we search for the user. Since the disabled users are searchable, this portlet is also picking up the disabled users.

    In our case, disabled account are stored under a folder named Disabled under the Accounts root folder. Our Authentication Source and Profile soure settting are set that all users under Accounts folder of Active Directory are synchronized. The settings are as belows:

    User Query Base: OU=Accounts,DC=company,DC=com
    User Query Filter: (&(objectcategory=person)(objectclass=user))

    I want to know, is there any way, anyone else handles disbled accounts in AD, so that the disabled accounts in the Disabled folder under Accounts folder are not brought into the portal?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points