Thursday, March 20, 2008

When Active Directory users get deleted and re-created

When Active Directory users get deleted and re-created, even with the same user id, there's a nasty side effect. Each time they try to access their "my site", they will receive the following error:

The file exists. (Exception from HRESULT: 0x80070050)



The reason is that when Active Directory accounts are deleted and re-created, the SID changes. SharePoint still holds the old SID for that user id, so the link between the user id and his "my site" is broken. There's an interesting solution from the Microsoft Forums that provides a good technical background on the problem. However, the suggested solution involves updating the SharePoint tables, which is an unsupported activity. Here's how you can get around the issue without touching the database:


1. Access the user's my site settings page
The first step would be to access the user's my site page. You could simply append "_layouts/settings.aspx" to the URL of the site. However, here's a slightly easier way to get to the page.


a. Log in to the SharePoint Central Administration site and access the Shared Services Provider page.

b. On the SSP admin page, select "User profiles and properties" > "View User Profiles"

c. Search for the user whose account has been deleted. Click on the profile name and select "Manage Personal Site"

That will bring you to the user's personal site's settings page.


2. Delete the user from the site collection

a. Click "People and Groups"

b. In the "Groups" section, click on the "(sitename)_Owners" group

c. Check the user and select "Actions" > "Remove Users from Group"

Repeat (a) - (c) for each group that the user is a member of within the site collection.


d. Next, click "Site Permissions" and select "Settings" > "Site Collection Administrators"




e. Add the farm account as a site collection administrator. Remove the user whose account has been deleted. Click OK.


f. Back at the "People and Groups" screen, click "People" and remove the user whose account has been deleted from the list.

Effectively, we have removed the user from the site collection entirely. This will flush the link between the user and his old SID.

3. Add the user to the site collection

Now, let's add the user back to the site collection.

a. Click "Site Permissions"

b. Select "Settings" > "Site Collection Administrators"

c. Add the user as a site collection administrator. Remove the farm account that was added in the previous steps. Click OK.

And the user's access to his "my site" should be restored!
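
To confirm the SID mismatch described above, before or after the procedure, the SID that SharePoint stores for each user of the site collection can be compared with the SID Active Directory currently returns for the same login name. This is an added example, not part of the original post; it is read-only and assumes it is run on a SharePoint server, under an account with access to the site collection, with classic Windows logins. The site URL is a placeholder.

```powershell
# Added example: report site-collection users whose stored SID no longer
# matches the SID Active Directory returns for the same login name.
# Assumptions: run on a SharePoint server; $SiteUrl is a placeholder.
param(
    [string]$SiteUrl = "http://mysite.example.local/personal/jdoe"
)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    $web = $site.RootWeb   # owned by $site, disposed together with it

    foreach ($user in $web.SiteUsers) {
        # Domain groups are listed alongside users; skip them.
        if ($user.IsDomainGroup) { continue }

        $adSid  = $null
        $status = "OK"
        try {
            # Ask Windows for the SID the login name maps to right now.
            $account = New-Object System.Security.Principal.NTAccount($user.LoginName)
            $adSid   = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

            # A re-created account keeps its name but gets a new SID.
            if ($user.Sid -and ($adSid -ne $user.Sid)) { $status = "SID MISMATCH" }
        }
        catch {
            # The login name no longer resolves (account deleted, not re-created).
            $status = "NOT RESOLVED"
        }

        New-Object PSObject -Property @{
            LoginName     = $user.LoginName
            SharePointSid = $user.Sid
            DirectorySid  = $adSid
            Status        = $status
        } | Select-Object LoginName, SharePointSid, DirectorySid, Status
    }
}
finally {
    $site.Dispose()
}
```

A row marked "SID MISMATCH" is a user that was deleted and re-created in Active Directory; after the remove-and-re-add steps above, the same user should report "OK".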