Solved

SharePoint User Profile Sync (UPS) issues

Posted on 2014-11-18
Last Modified: 2014-11-20
Every time I try to enable UPS SharePoint Profile Synchronization in the Manage Profile Service: User Profile Service, the service appears to work great and everything is fine, however some things end up breaking. When it is on Sync instead of Import from AD, the org chart no longer functions as expected. It only shows the current user (no vertical or horizontal org display). I checked on this and it appears that, during sync, the manager option is removed from user profiles.

Also, I have enabled Export of the thumbnailPhoto attribute in SP. So, when users upload their photos, it should periodically export those photo thumbnails into my AD database. No errors that I can find anywhere, however the attribute is still null in AD for all current users with photos. I have double-checked the mapping for this attribute, and thumbnailPhoto is set to export in SharePoint.

Switching the sync option back from profile sync to AD import fixes the org chart issue (adds managers back in), but that won't work if I want to sync the picture (and possibly let my end users modify some information about themselves) from SP into AD. Anyone seen anything like this?

I've added some things from http://technet.microsoft.com/en-us/library/hh296982.aspx for permissions hoping that it would help me out. I went into the "Edit User Profile Property" so I can see the options and it looks right to me: "Property Mapping for Synchronization" is set to manager with the direction set to import. Interestingly, even though it has permission to replicate changes to AD, it doesn't remove the manager from AD. I haven't witnessed the sync changing anything in AD at all, so that makes me think that, for some reason, I don't have some settings properly set.

For a little background, I use a user profile called SPServices to handle the User Profile service and it is set as an admin of that service with full control. Like I mentioned above, I followed the TechNet article and added relevant replication permissions, write permissions, and create child object permissions.

EDIT: I completely reconfigured the User Profile Service with a different account (SPUSERPROFILE) and followed every guide I could find to the letter (including http://blogs.technet.com/b/nishants/archive/2012/02/21/how-to-sync-picture-from-sharepoint-to-active-directory-and-hence-to-outlook-and-lync.aspx because I really would like the picture export functionality). Everything appears to be starting up fine, running the sync fine, making the connection to AD with my new Sync Connection, but it does the exact same thing. The Manager attribute is immediately removed even though I didn't modify the access mapping at all (it is still set to import).
Question by:MBisch

Accepted Solution

by: MBisch (ID: 40455334)
I was finally able to roll through some errors I found in miisedit (C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe) and found one particular error that stated:

One or more errors occurred. ---> Microsoft.Office.Server.UserProfiles.UserProfileException: Exception while trying to migrate account 'DOMAIN\user' to 'DIFFERENTDOMAIN\user'. ---> Microsoft.SharePoint.SPException: The user does not exist or is not unique.

After some searching, I found some other users having a similar issue by searching the fields for the error title "ma-extension-error" and came across a guide to enable Import NetBIOS Domain Names.

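# Run in the SharePoint 2013 Management Shell

# List the service applications and their GUIDs
Get-SPServiceApplication

# Get the User Profile Service Application by the GUID listed by the previous command
$UPA = Get-SPServiceApplication -Id <GUID of User Profile Service Application which is listed from previous string>

# Enable import of NetBIOS domain names, then save the change
$UPA.NetBIOSDomainNamesEnabled = 1
$UPA.Update()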


Code from iedaddy.com

Then, after resetting my SharePoint connector (Configure Synchronization Connections) I was finally able to get this to work. This solution fixed both the manager issue I was having and the picture export issue. I can only assume manager was broken because of the domain.NetBIOS domain name not being the same.

The only remaining issue is a permission issue (Insufficient access rights to perform the operation.) on 18 of my users. Every user in the list has elevated permissions, and includes our entire IT department, so I assume there is some simple modification I can change to get replication to work on these users.
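
A read-only check for the remaining "Insufficient access rights" errors, added here as an example and not part of the original post: Active Directory's AdminSDHolder process stamps members of protected groups with adminCount=1 and disables ACL inheritance on them, so permissions delegated to a sync account at the domain or OU level do not reach those accounts. Whether that is the cause for these 18 users is an assumption to verify; the account name DOMAIN\SPUSERPROFILE is a placeholder built from the names in the post.

```powershell
# Added example, not from the original post. Read-only; changes nothing in AD.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: the profile sync account. Replace with your own DOMAIN\account.
$SyncAccount = 'DOMAIN\SPUSERPROFILE'
$WriteProperty = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# Accounts that are (or once were) members of protected groups carry adminCount=1.
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor |
    ForEach-Object {
        $sd = $_.nTSecurityDescriptor

        # Allow ACEs (explicit or inherited) that name the sync account directly
        # and include WriteProperty. ACEs granted through a group the account
        # belongs to are not matched by this simple comparison.
        $writeAces = @($sd.Access | Where-Object {
            $_.IdentityReference.Value -eq $SyncAccount -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $WriteProperty)
        })

        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            InheritanceBlocked  = $sd.AreAccessRulesProtected
            SyncAccountCanWrite = $writeAces.Count -gt 0
        }
    } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Accounts listed with InheritanceBlocked True and SyncAccountCanWrite False are the ones the delegated write permission does not reach; compare that list with the users that fail to export.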