Solved

Sharepoint synchronisation to Active Directory

Posted on 2013-06-07
5
489 Views
Last Modified: 2013-06-23
Hi all,

I have a sharepoint 2013 server setup, and we want user's photo to sync from sharepoint into active directory.

We have setup an AD connection and everything seems to sync fine apart from the photos. When looking in the event viewer we are getting event ID 6100, and in the miis client, we are getting "permissions issue - insufficient rights to perform the operation"

The synchronisation account has the following permission on the domain:

Read
Replication Synchronisation
Relicating Directory Changes
Create all child objects
Read thumbnailPhoto
Write thumbnailPhoto

Any ideas?

Thanks.
0
Comment
Question by:gmbaxter
  • 3
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
Comment Utility
I assume you mean the account, you defined in the AD connection definition, right?

Have you checked for a example user, if the permission is propagated to the user?
Keep in mind, that membership of Domain or Org-Admin group braks the inheritage of permissions in AD.
0
 
LVL 11

Author Comment

by:gmbaxter
Comment Utility
Yes the account defined in the AD connection. Oh you may be onto something there. Do I simply just add the permissions on the security tab of the admin privileged user?
0
 
LVL 35

Expert Comment

by:Bembi
Comment Utility
The replicate permissions are set on the AD root folder as well as possibly on the configuration folder.

The other permissions are set on the container, where your users reside (to be inherited)
And be sure, the permissions are inherited... (see the security properties of an example user)
0
 
LVL 11

Author Comment

by:gmbaxter
Comment Utility
Some of the privileged users were indeed not inheriting permissions. I have enabled inheritance on these and they seem to be working. There are a few accounts however which are not synching the pictures back to AD and they have permission inheritance enabled.
0
 
LVL 11

Author Closing Comment

by:gmbaxter
Comment Utility
Thanks.

Could do with a bit more help on one or two users which aren't working, but I'll open another topic for that one.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now