Chat now with support
Chat with Support

NOTICE! We are upgrading our support telephone services, implementing Genesys, starting the week of May 19, 2025

ControlPoint 8.7 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Running Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Provisioning SharePoint Site Collections and Sites Default Menu Options for ControlPoint Users About Us

Running an Orphaned Domain Users Report and Deleting Orphaned Users

If you have (or think you have) users with permissions in SharePoint that are no longer in Active Directory, you can run an Orphaned Domain Users Report to identify them.

NOTE:  You can also choose to have ControlPoint automatically submit a Delete User job to the ControlPoint scheduler. The job will be scheduled to run 30 minutes after the analysis has finished processing and will delete all users returned by the analysis. This is useful if, for example, you want to run the report on a large scope and/or on a recurring basis to keep your environment “cleaned up.”  

To run an Orphaned Domain User Report:

1Select an object in the SharePoint Hierarchy which you believes contains “orphaned” users.

TIP: The identification of orphaned users can be an intensive process—especially the first time it is performed—as ControlPoint must query Active Directory for each user with permissions to a site, sometimes in more than one domain.  The smaller the scope you choose, the more quickly the report will be completed.  Therefore, it is recommended that for evaluation purposes you run the report on a limited scope. (Note that, if you use ControlPoint to run an Orphaned Domain Users on a regular basis in order to keep your environment “cleaned up,” it will run increasingly more quickly.)

2Right click and select Users and Security > Orphaned Domain Users.

Eval Guide ODU SELECT

Note that you have the option of limiting your results only to users who are either disabled in or have been deleted from Active Directory.  For this scenario we will keep the default option, Show all orphans, so that both types of users will be included.

Evaluation Guide Orpahn Domain User dropdown

3If you want to exclude objects whose permissions are inherited, make sure Show unique permissions only is checked.

TIP:  This option is especially useful if your primary objective is to delete orphaned users, because your result set will be more targeted.  (You can not delete permissions directly from an object that has inherited permissions.)

4For this scenario, uncheck the Display with results expanded box.

Evaluation Guide Orpahn Domain User Parameters

5Click [Run Now].

The top level of the analysis displays all of the “orphaned” users within the scope of your analysis.

Note that users who are disabled in Active Directory are flagged.

Evaluation Guide DISABLED USERS

Expand a User name to see more detail about that user’s permissions.

Evaluation Guide Orphaned Domain Users Detail

Note that, as an alternative to creating a scheduled job to delete all users identified as orphaned (as described previously), from analysis results you have the option of initiating a ControlPoint Delete User action for an individual user.

In this scenario you:

üLearned that you can initiate a follow-on ControlPoint action from analysis results.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating