Who's crashing your #SharePoint uninvited like this #dinosaur #weddingcrasher?

Wow! I had some uninvited family members crash my wedding (Sorry, cuz, Aunty Merle told me about "the incident" and made me blackball you. Water under the bridge?!), but I never had a T-Rex crash my big day! Check out this couple who got hitched over the weekend but were chased out of their celebration by an escapee from Jurassic Park (by the way, JP4 is coming soon!).

 

T-Rex attacking a wedding party in St. Francisville, LA (Source: Photographer Quinn Miller)

 

Is Mr. T-Rex crashing your SharePoint?

 

You might not have any T-Rexes crashing your SharePoint, but I bet you've encountered a few dinosaur users you thought were extinct! I'm talking about those users who left the company and yet - surprise, surprise - pop up as still having access in SharePoint. Here's how it happens:

 

  1. An employee leaves the company.
  2. You remove them as a user from Active Directory.
  3. Then some time down the line you are performing an audit/attestation of user rights in SharePoint and lo and behold there is Mr. T-Rex.
  4. "Holy cow!" you yell, "this is a big security concern."

 

Removing someone from Active Directory only removes them from SharePoint if they were granted access to SharePoint via an AD group. If Mr. T-Rex was granted access to a particular site explicitly or via a SharePoint group, then he will still remain in that site's permissions, because AD does not remove him in those instances.
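The audit this implies can be sketched in a few lines. The following is an added example, not part of the original post or of any product: it walks each site's role assignments, resolves SharePoint and AD groups to users, and flags grants that still point at deleted or disabled accounts. The data, the record layout, the CONTOSO names and the function names are all constructed assumptions.

```python
# Constructed sample data; the record layout is an assumption for this example,
# not a SharePoint or Active Directory export format.
# Accounts still present in AD -> enabled flag. Deleted accounts are absent.
AD_ACCOUNTS = {"CONTOSO\\alice": True, "CONTOSO\\bob": False}
# AD security groups -> members. Deleting a user removes them from these.
AD_GROUPS = {"CONTOSO\\Finance": {"CONTOSO\\alice"}}
# SharePoint groups keep their own member lists, independent of AD.
SP_GROUPS = {
    "Finance Members": {"CONTOSO\\trex", "CONTOSO\\Finance"},
    "Finance Visitors": {"CONTOSO\\bob"},
}
# Site role assignments: (site, principal, permission level).
ASSIGNMENTS = [
    ("/sites/finance", "CONTOSO\\Finance", "Contribute"),  # AD group
    ("/sites/finance", "Finance Members", "Edit"),         # SharePoint group
    ("/sites/finance", "Finance Visitors", "Read"),        # SharePoint group
    ("/sites/hr", "CONTOSO\\trex", "Full Control"),        # explicit grant
    ("/sites/hr", "CONTOSO\\alice", "Read"),               # explicit grant
]

def account_state(login):
    """Classify a login against AD: active, disabled or deleted."""
    if login not in AD_ACCOUNTS:
        return "deleted"
    return "active" if AD_ACCOUNTS[login] else "disabled"

def expand(principal, via=()):
    """Yield (login, grant path) for each user a principal resolves to."""
    if principal in SP_GROUPS:
        for member in sorted(SP_GROUPS[principal]):
            yield from expand(member, via + (f"SharePoint group {principal}",))
    elif principal in AD_GROUPS:
        for member in sorted(AD_GROUPS[principal]):
            yield member, via + (f"AD group {principal}",)
    else:
        yield principal, via or ("explicit grant",)

def find_stale(assignments):
    """Return every grant that still resolves to a deleted or disabled account."""
    findings = []
    for site, principal, level in assignments:
        for login, via in expand(principal):
            state = account_state(login)
            if state != "active":
                findings.append((site, login, state, level, " > ".join(via)))
    return findings

if __name__ == "__main__":
    for finding in find_stale(ASSIGNMENTS):
        print(*finding, sep=" | ")
```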

 

So I'm sure everyone who reads this post sticks hard and fast to only granting SharePoint access via AD groups *wink, wink, nudge, nudge!* But for the rest of those folks not reading this, we know that managing permissions and responding to this person's request and that person's request for access can get tedious, and you just revert to granting access to SharePoint explicitly (it's the simplest route). And that's when you run into this problem!

 

Fortunately for you, you can remove Mr. T-Rex and any paleolithic cronies from your SharePoint permissions with a simple action within Site Administrator for SharePoint. You can remove both deleted and disabled AD accounts. Watch how in these two videos here.

 

Anonymous