How to Deal with Office 365 Orphaned Users with Sharegate
People join and leave companies, it's a common thing. It's also the cause of headaches for many IT admins, since they're responsible for creating or cleaning up permissions associated with these users. In this video, we'll see how to deal with what are known as Office 365 orphaned users.
In Sharegate, you can both report and take action when it comes to orphaned users. But first, what is an Orphaned user? When a user leaves a company, IT admins will either deactivate or delete them from the active directory. However, it won’t remove their permissions in SharePoint, which is why we call them Orphaned. So, what happens with them when you decide to migrate?
If you're planning a migration to Office 365, Sharegate can migrate the permissions and metadata of Orphaned users found in the source environment. When migrating to SharePoint online using the normal mode, Sharegate probably won’t be able to copy the permissions and metadata related to orphaned users, since they won’t be available at destination. Sharegate will instead assign the permissions and replace the names of the orphaned users with the current Sharegate user. To avoid this, you can map them to existing users, using the "Users and Groups mapping".
If you're using the Insane mode for your Office 365 migration, the outcome will be different and for the best. Since the Insane mode uses Microsoft’s Office 365 Migration API, Sharegate can copy the metadata associated to the source orphaned users, even if they're not available at the destination. This means the “created by” and “modified by" user values, will be preserved. To do this, Sharegate creates a placeholder in user value fields with their name, but they will not be linked to any account. The downside is that Sharegate will also copy the permissions of the user, to the placeholder.
To help prepare your migration, you can quickly generate a list of the Orphaned users found at the source. The Orphaned users report, will list all users that are disabled in the active directory, but still have permissions in your SharePoint environment, or documents marked with them listed as authors.
Now let’s say you don’t want to copy these permissions or, you've already copied everything and you simply want to clean them, in your source or destination environment. From the Explorer, simply select the site collections to clean and select the "Clean Orphaned Users" button. Then decide if you want Sharegate to clean permissions for all Orphaned users of the selected sites or, run a report to identify them, so you can select which ones to clean, or not. You can even schedule this task to run periodically to make sure your environments remain clean and safe.