I had an unusual case this week where a SharePoint 2007 installation did not have User Profile Synchronization enabled, but we needed to refresh (or more specifically, just update) SharePoint’s version of that user account with updated information from Active Directory. We had two scenarios: a user who had gotten married and had a new last name, but the old last name was being displayed in SharePoint; and a user who was only being displayed using their DOMAIN\User format rather than a more user friendly display name. Both of these issues have to do with synchronizing Active Directory and SharePoint, and both were overcome using some simple Powershell commands.
Here’s what I learned along the way.
1. In a SharePoint content database, there is a table called UserInfo, which (no surprise) contains information about the users that have been granted permission to the SharePoint site collection or its sites. When a user is added to a SharePoint group, for instance, a query is made to Active Directory for that account, and the record is created in UserInfo.
2. The ‘People Picker’ control will display results from both Active Directory and the UserInfo table, with the UserInfo table taking a slight precedence. In my case, where I had a user being shown with their DOMAIN\User formatted name, that value would display in the People Picker rather than the ‘Last, First’ variant of their name.
3. Most of the guidance on the web assumes that the User Profile Synchronization is in place. This was not the case in my situation since this was a public facing site and did not have My Sites.
The first thing I tried was to delete the user from the Site Collection, then re-add them to a group. All this did was mark the user’s record in UserInfo as deleted, and when I re-added them it unmarked it. There (so far as I could tell) was not a re-query to Active Directory that occurred as I would have hoped.
So, since it is well established that thou shall not touch the SharePoint content database directly, I set out to find a way to edit the UserInfo record through a sanctioned method. And that, even for SharePoint 2007, was Powershell.
First, we need to load up the SharePoint Assemblies
> [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
Then we connect to our site collection
> $site = New-Object Microsoft.SharePoint.SPSite("http://www.portal.com")
Then we get the root web of the site collection
> $web = $site.RootWeb
We then need to connect to the User Information List, which corresponds to the UserInfo table.
> $list = $web.Lists["User Information List"]
And now we can select out the individual user record we want to update. We’ll filter on the Account field, which should match our Active Directory user information.
> $user = $list.Items | where {$_["Account"] -eq "DOMAIN\User"}
If you look at the details of the $user object, you’ll see it has both a Name and DisplayName property. Don’t be fooled, however, these fields are read only. The one we want is Title.
So, lets update the Title value for this user and save the changes.
> $user["Title"] = "Lastname, Firstname" > $user.update()
To check, I go back to the site and refresh the User Information List page – and sure enough, the updated value is applied.
Finally, then, we need to clean up after ourselves and dispose of the SharePoint objects.
> $web.Dispose() > $site.Dispose()
This same approach can be used to update a user’s email address in SharePoint.
Leave a Reply