Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Sharepoint synchronisation to Active Directory

Posted on 2013-06-07
5
Medium Priority
?
504 Views
Last Modified: 2013-06-23
Hi all,

I have a sharepoint 2013 server setup, and we want user's photo to sync from sharepoint into active directory.

We have setup an AD connection and everything seems to sync fine apart from the photos. When looking in the event viewer we are getting event ID 6100, and in the miis client, we are getting "permissions issue - insufficient rights to perform the operation"

The synchronisation account has the following permission on the domain:

Read
Replication Synchronisation
Relicating Directory Changes
Create all child objects
Read thumbnailPhoto
Write thumbnailPhoto

Any ideas?

Thanks.
0
Comment
Question by:gmbaxter
  • 3
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 39230854
I assume you mean the account, you defined in the AD connection definition, right?

Have you checked for a example user, if the permission is propagated to the user?
Keep in mind, that membership of Domain or Org-Admin group braks the inheritage of permissions in AD.
0
 
LVL 11

Author Comment

by:gmbaxter
ID: 39236823
Yes the account defined in the AD connection. Oh you may be onto something there. Do I simply just add the permissions on the security tab of the admin privileged user?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39237992
The replicate permissions are set on the AD root folder as well as possibly on the configuration folder.

The other permissions are set on the container, where your users reside (to be inherited)
And be sure, the permissions are inherited... (see the security properties of an example user)
0
 
LVL 11

Author Comment

by:gmbaxter
ID: 39250967
Some of the privileged users were indeed not inheriting permissions. I have enabled inheritance on these and they seem to be working. There are a few accounts however which are not synching the pictures back to AD and they have permission inheritance enabled.
0
 
LVL 11

Author Closing Comment

by:gmbaxter
ID: 39269640
Thanks.

Could do with a bit more help on one or two users which aren't working, but I'll open another topic for that one.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question