Friday, June 26, 2020

SHAREPOINT - DELETED AND RECREATED USER DOESN’T HAVE PERMISSIONS TO SITE, ACCESS DENIED! Reused email causes SharePoint Issue

Problem

When onboarding a new employee for a customer, we ran into an issue when giving the new user access to sites in SharePoint. Assigning the license to the user and initially adding her to SharePoint went smoothly. But when it came to giving her site permissions (in the site settings), we ran into an issue.

The actual process of adding her to sites appeared to work – until you refreshed the user lists on that site. She wasn’t actually being added. We went through the process a few times, with the same result.

That’s when we noticed something funny – the new user wasn’t being added. An old user, however, WAS being added.

Root Cause 

It turns out – the old user being added was the key to figuring out what was going on.

This customer uses the first name@company for their email addresses and Office 365 aliases. The customer previously had an employee with the same name and the same email address who was no longer at the company.

When trying to add the new user, SharePoint was associating the email with the old user (who had previously used SharePoint) and pulling her in rather than the new user.

The old user had been deleted entirely from their Office 365 tenant. For some reason, despite that, the user wasn’t deleted entirely from SharePoint. When we talked to Microsoft, we were told it was a glitch in their system. Not great news, but it did mean there wasn’t anything we (or the customer) could’ve done differently while offboarding the old user.

How to Fix

This turned out to be an easy fix once the root problem was discovered. We just had to completely delete the old user from SharePoint.

To do this, we had to bring up the list of ALL users for each SharePoint site. The easiest way to get to this list is by replacing the last number in the URL for the site with zero. Once we were on that screen, we deleted the old user from each site (this had to be done individually).

Once the old user was deleted, the new user was added to the sites using the normal method.

  1. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0

    For example, the full URL will resemble the following: https://fabrikam.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0

  2. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection.

  3. Now add the user again following the normal process; the new profile should now get picked up.


The above issue occurs due to a mismatch in PUID.

Clear browser history

SharePoint uses browser caching in several scenarios, including in the people picker. Even when a user is fully removed, he or she may still remain in the browser cache. Clearing the browser history resolves this issue. For info about doing this in Edge,

Restore SharePoint Deleted Site

When you delete a user in the Microsoft 365 admin center (or when a user is removed through Active Directory synchronization), the user's OneDrive will be retained for the number of days you specify in the OneDrive admin center. (For info, see Set the default file retention for deleted OneDrive users.) The default is 30 days. During this time, shared content can still be accessed by other users. At the end of the time, the OneDrive will be in a deleted state for 93 days and can only be restored by a global or SharePoint admin.

For info about using Files Restore to restore a OneDrive to a previous point in time, see Restore your OneDrive.

For info about restoring items from the recycle bin in OneDrive, see Restore deleted files or folders.

Restore a deleted OneDrive when the deleted user no longer appears in the Microsoft 365 admin center

If the user was deleted within 30 days, you can restore the user and all their data from the Microsoft 365 admin center. To learn how, see Restore a user in Microsoft 365. If you deleted the user more than 30 days ago, the user will no longer appear in the Microsoft 365 admin center, and you'll need to use PowerShell to restore the OneDrive.

  1. Download the latest SharePoint Online Management Shell.

     Note

    If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs and uninstall "SharePoint Online Management Shell."
    On the Download Center page, select your language and then click the Download button. You'll be asked to choose between downloading a x64 and x86 .msi file. Download the x64 file if you're running the 64-bit version of Windows or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.

  2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting started with SharePoint Online Management Shell.

  3. Determine if the OneDrive is available for restore:

     • If you know the URL of the OneDrive, run the following command:

       PowerShell
       Get-SPODeletedSite -Identity <URL>

       A user's OneDrive URL is based on their username. For example, https://microsoft-my.sharepoint.com/personal/user1_contoso_com. You can find their username on the Active users (or Deleted users) page in the Microsoft 365 admin center.

     • If you don't know the URL of the deleted OneDrive, run the following command:

       PowerShell
       Get-SPODeletedSite -IncludeOnlyPersonalSite | FT url

     • If the OneDrive appears in the results, it can be restored.

  4. Restore the OneDrive to an active state:

     PowerShell
     Restore-SPODeletedSite -Identity <URL>

  5. Assign an administrator to the OneDrive to access the needed data:

     PowerShell
     Set-SPOUser -Site <URL> -LoginName <UPNofDesiredAdmin> -IsSiteCollectionAdmin $True

For more info about these cmdlets, see Get-SPODeletedSite and Restore-SPODeletedSite.

Permanently delete a OneDrive

After you recover the data you need from the OneDrive, we recommend that you permanently delete the OneDrive by running the following command:

PowerShell
Remove-SPODeletedSite -Identity <URL>

 Caution

When you permanently delete a OneDrive, you will not be able to restore it.

Deleted from the Microsoft 365 admin center but still appears in SharePoint

Remove people from the UserInfo list


Scenario 1: Someone is deleted from the Microsoft 365 admin center but still appears in SharePoint.

When a user or guest browses to a SharePoint site, their user information is cached in the UserInfo list. When the user or guest is deleted, their related UserInfo information is not removed. Their profile still appears, which may cause confusion when people view the people picker.

Scenario 2: A mismatched PUID.

This issue most frequently occurs when a user is deleted and the account is then re-created with the same user name. The account in the Microsoft 365 admin center or Active Directory (in directory synchronization scenarios) is deleted and re-created with the same user principal name (UPN). The new account is created by using a different PUID value. When the user tries to access a site collection or their OneDrive, the user has an incorrect PUID. A second scenario involves directory synchronization with an Active Directory organizational unit (OU). If users have already signed in to SharePoint, and then are moved to a different OU and resynced with SharePoint, they may experience this problem.

Remove people from the UserInfo list

The preceding steps removed access to Microsoft 365 and SharePoint. However, the user or guest still appears in people searches and in the SharePoint Online Management Shell when you use the Get-SPOUser cmdlet. To completely remove people from SharePoint, you must remove them from the UserInfo list. There are two ways to do this:

Note

This option is available only if the user previously browsed to the site collection. They won't be listed if they were granted access but never visited the site.

  1. Browse to the site and edit the URL by adding the following string to the end of it: /_layouts/15/people.aspx?MembershipGroupId=0

    For example, the full URL will resemble the following: https://fabrikam.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0

  2. Select the person from the list, and then on the Actions menu, select Delete Users from Site Collection.

Using the SharePoint Online Management Shell
  1. Download the latest SharePoint Online Management Shell.

  2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting started with SharePoint Online Management Shell.

  3. Run the following command:

    PowerShell
    Remove-SPOUser -Site https://fabrikam.sharepoint.com -LoginName jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com
    

     Note

    Replace the jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com placeholder with the person in question.
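
The per-site removal above, and the first post's note that the old user had to be deleted from each site individually, can be scripted across the tenant. This is an added example, not code from the original posts or from Microsoft's documentation; the function name `Remove-StaleSiteUser`, its `-Apply` switch and the admin URL in the comment are assumptions.

```powershell
# Added example; not from the original post. Assumes the
# Microsoft.Online.SharePoint.PowerShell module and an existing session, e.g.
#   Connect-SPOService -Url https://fabrikam-admin.sharepoint.com   # placeholder tenant
function Remove-StaleSiteUser {
    [CmdletBinding()]
    param(
        # Login name of the deleted account as it appears in Get-SPOUser output
        [Parameter(Mandatory)] [string] $LoginName,
        # Without -Apply the function only reports where the entry still exists
        [switch] $Apply
    )

    foreach ($site in Get-SPOSite -Limit All) {
        try {
            # Throws when the user is not in this site's UserInfo list, or when
            # the caller is not a site collection admin on the site.
            $user = Get-SPOUser -Site $site.Url -LoginName $LoginName -ErrorAction Stop
        }
        catch {
            Write-Verbose "$($site.Url): $($_.Exception.Message)"
            continue
        }

        $removed = $false
        if ($Apply) {
            try {
                Remove-SPOUser -Site $site.Url -LoginName $LoginName -ErrorAction Stop
                $removed = $true
            }
            catch {
                Write-Warning "$($site.Url): removal failed: $($_.Exception.Message)"
            }
        }

        # One row per site where the stale entry was found
        [pscustomobject]@{
            Site        = $site.Url
            LoginName   = $user.LoginName
            DisplayName = $user.DisplayName
            IsSiteAdmin = $user.IsSiteAdmin
            Groups      = $user.Groups -join '; '
            Removed     = $removed
        }
    }
}

# Report first, then remove (login name is the page's placeholder):
# Remove-StaleSiteUser -LoginName 'jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com' -Verbose
# Remove-StaleSiteUser -LoginName 'jondoe_fabrikam.com#EXT#@fabrikam.onmicrosoft.com' -Apply
```

The report run lists the groups and site-admin flag the stale entry still carries on each site, which is worth reviewing before a new person is onboarded under the same address. `Get-SPOSite -Limit All` does not return OneDrive sites by default, so those are not covered.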

Clear browser history

SharePoint uses browser caching in several scenarios, including in the people picker. Even when a user is fully removed, he or she may still remain in the browser cache. Clearing the browser history resolves this issue. For info about doing this in Edge,

Tuesday, June 23, 2020

Restore Soft Deleted MailBox To Shared Mail Box


Connect PowerShell to Exchange Online using the commands below:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Then we checked the old user in Soft Delete:

Get-Mailbox -SoftDeletedMailbox  # Check the deleted user details

Get-Mailbox -SoftDeletedMailbox -Identity "Name of the mailbox" | fl *guid*

Copy the GUID (not the Exchange GUID) into Notepad (1).

Get-Mailbox -Identity "Email address of the new user" | fl *guid*

Copy the GUID (2).

The following command will copy the old mailbox's email to the new mailbox:

New-MailboxRestoreRequest -SourceMailbox "GUID (1)" -TargetMailbox "GUID (2)" -TargetRootFolder "Old Mailbox" -AllowLegacyDNMismatch

Since the user had Archive enabled, we restored the archive mailbox separately.

We ran the commands below to get the ArchiveGuid:

Get-Mailbox -Identity user@domain.com -SoftDeletedMailbox | fl ArchiveGuid

Get-Mailbox -Identity user@domain.com | fl ArchiveGuid

New-MailboxRestoreRequest -SourceMailbox "GUID (1)" -TargetMailbox "GUID (2)" -TargetRootFolder "Old Mailbox" -AllowLegacyDNMismatch
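
The primary-mailbox restore above, written as one function that looks up both GUIDs itself and refuses to run when the old name matches more than one soft-deleted mailbox, which can happen when names and addresses are reused. This is an added example, not the original post's code; the function name `Restore-SoftDeletedToMailbox` and the UPN in the comment are assumptions, and it expects a session opened with `Connect-ExchangeOnline` from the ExchangeOnlineManagement module rather than the Basic-authentication session shown above.

```powershell
# Added example; not from the original post. Assumes an existing session, e.g.
#   Connect-ExchangeOnline -UserPrincipalName admin@contoso.com   # placeholder UPN
function Restore-SoftDeletedToMailbox {
    [CmdletBinding()]
    param(
        # Name or address of the soft-deleted (old) mailbox
        [Parameter(Mandatory)] [string] $OldMailbox,
        # Address of the active (new) mailbox that receives the content
        [Parameter(Mandatory)] [string] $NewMailbox,
        # Folder created in the target mailbox to hold the restored items
        [string] $TargetRootFolder = 'Old Mailbox'
    )

    # A reused name can match several soft-deleted mailboxes; insist on one.
    $source = @(Get-Mailbox -SoftDeletedMailbox -Identity $OldMailbox -ErrorAction Stop)
    if ($source.Count -ne 1) {
        $found = ($source | ForEach-Object { "$($_.Guid) deleted $($_.WhenSoftDeleted)" }) -join ', '
        throw "Expected one soft-deleted mailbox for '$OldMailbox', found $($source.Count): $found"
    }

    $target = Get-Mailbox -Identity $NewMailbox -ErrorAction Stop

    # The post copies the GUID (not the Exchange GUID) of each mailbox.
    $sourceGuid = $source[0].Guid.ToString()
    $targetGuid = $target.Guid.ToString()
    if ($sourceGuid -eq $targetGuid) {
        throw "Source and target resolve to the same mailbox ($sourceGuid)."
    }

    $request = New-MailboxRestoreRequest -SourceMailbox $sourceGuid `
        -TargetMailbox $targetGuid `
        -TargetRootFolder $TargetRootFolder `
        -AllowLegacyDNMismatch -ErrorAction Stop

    # Return the queued request so the caller can track it
    $request | Select-Object Name, TargetMailbox, Status
}

# Restore-SoftDeletedToMailbox -OldMailbox 'Name of the mailbox' -NewMailbox 'user@domain.com'
```

Run `Get-MailboxRestoreRequest` afterwards to follow the request until its status is Completed.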


Thursday, June 11, 2020

Whitelist Email Address in O365


How to Whitelist Email Address in Office 365

  1. Open the Exchange Admin Center.
  2. Click on Protection.
  3. Click on Spam Filter.
  4. Double click on Default.
  5. Click on Allow Lists.
  6. Under Allow Lists, click the + to add a new email address.
  7. In the window that pops up, add the address you’d like to let through.
  8. Click Save.
  9. Click Save again.

That’s it! Now email from that address will be delivered to your organization’s inboxes, not marked as junk.

More Detailed Instructions for Whitelisting Emails

  1. Sign into Office 365: Go to https://portal.office.com and sign in.
  2. Click on Admin from your list of apps.
  3. In the left-hand column, click on the Admin Center icon, then click Exchange to open the Exchange Admin Center.
  4. Click on Protection from the left-hand menu.
  5. Click on Spam Filter.
  6. Double-click on Default.
  7. In the pop-up window, click on Allow Lists.
  8. Under Allowed Sender or Allowed Domain, click the + to add a new email address. Be careful about allowing whole domains, as entering popular domains here like gmail.com can allow bad actors to bypass filtering.
  9. In the window that pops up, add the address you’d like to let through.
  10. Click OK.
  11. Click Save.

That’s it! Now email from that address will be delivered to your organization’s inboxes, not marked as junk.
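
To check existing allow lists against the caution in step 8, the entries of each spam filter policy can be reviewed in PowerShell. This is an added example, not part of the original post; the function name `Find-BroadAllowListEntry`, the list of shared mail domains and the sample policy object are constructed for illustration.

```powershell
# Added example; not from the original post.
function Find-BroadAllowListEntry {
    [CmdletBinding()]
    param(
        # Policy objects as returned by Get-HostedContentFilterPolicy
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        # Constructed list of shared mail providers; extend for your environment
        [string[]] $SharedDomains = @('gmail.com', 'outlook.com', 'hotmail.com', 'yahoo.com')
    )
    process {
        # Whole-domain entries: every sender at the domain skips spam filtering
        foreach ($d in $Policy.AllowedSenderDomains) {
            $domain = ([string]$d).Trim().ToLowerInvariant()
            [pscustomobject]@{
                Policy = $Policy.Name
                Kind   = 'Domain'
                Entry  = $domain
                Risk   = if ($SharedDomains -contains $domain) {
                             'High: shared mail provider allowed as a whole domain'
                         } else {
                             'Review: whole domain allowed'
                         }
            }
        }
        # Single-address entries are narrower but still skip spam filtering
        foreach ($s in $Policy.AllowedSenders) {
            [pscustomobject]@{
                Policy = $Policy.Name
                Kind   = 'Sender'
                Entry  = ([string]$s).Trim().ToLowerInvariant()
                Risk   = 'Info: single address allowed'
            }
        }
    }
}

# Constructed sample policy so the function can be tried offline
$samplePolicy = [pscustomobject]@{
    Name                 = 'Default'
    AllowedSenderDomains = @('gmail.com', 'partner.example')
    AllowedSenders       = @('billing@vendor.example')
}
$samplePolicy | Find-BroadAllowListEntry | Format-Table -AutoSize

# Against a live tenant (Exchange Online session required):
# Get-HostedContentFilterPolicy | Find-BroadAllowListEntry | Where-Object Kind -eq 'Domain'
```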
