Configure SharePoint User Profile Service Part 2
Configure User Profile synchronization with Active Directory
Select the User Profile Service and click the Manage button on the ribbon. You should see a screen like the one below.

Default User Profile Service configuration window after being created
Select Configure Synchronization Connections in the Synchronization section. Now click the Create new Connection option. If you see the pop-up window shown below, go back to Manage Services on Server and wait until the service starts.

Pop-Up window when attempting to create the UPS synchronization connection
In the Add New Synchronization connection window, we will need to fill in several fields.
In the Connection Name field, enter a descriptive name for your connection, such as AD Synchronization.
In the Forest name field, enter the FQDN of your domain (in my example: ad.local). Leave the Auto discover domain controller option selected.
In the Account name, Password, and Confirm Password fields, enter the credentials for the synchronization account (sps_ups_sync).

User Profile Synchronization Connection configuration
Now click the Populate Containers button and select the AD organizational units you would like to import. I’ve selected the NetPro and Users OUs, where I usually store all my users.

User Profile Synchronization Connection – AD Container selection
Click OK and after a while you should see your newly created connection listed. We can now add a connection filter to tell the UPS Service that we do not want to import AD accounts that are disabled. In my experience this is often requested by clients, so I propose making it a default for your setups.
Hover over your connection name and expand the menu using the black arrow on the right, then select the Edit Connection Filters option.

Edit Connection Filters option under Synchronization connection name
Now we need to add an exclusion filter for users that are disabled. Choose the userAccountControl attribute with the Bit on equals operator and a filter value of 2. See the screenshot below for the exact configuration.

Exclusion configuration that would prevent importing disabled user accounts
Click the Add button – you should see your newly created filter listed now. Click the OK button and go back to the User Profile Service settings window.
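The exclusion filter above tests a single bit rather than comparing the whole value: 2 is the ACCOUNTDISABLE flag in userAccountControl. The following added example (not part of the original article) models that test over constructed sample accounts and shows which disabled accounts a plain "equals 514" comparison would still import. It assumes "Bit on equals" behaves like the LDAP bitwise-AND matching rule; the account names and the helper functions are invented for illustration.

```python
from enum import IntFlag

class UAC(IntFlag):
    """Subset of Active Directory userAccountControl flags."""
    ACCOUNTDISABLE = 0x0002
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED = 0x40000

FILTER_VALUE = 2  # value entered in the connection filter in the article

# Equivalent LDAP filter using the bitwise-AND matching rule OID.
LDAP_DISABLED_FILTER = f"(userAccountControl:1.2.840.113556.1.4.803:={FILTER_VALUE})"

def bit_on(uac: int, mask: int = FILTER_VALUE) -> bool:
    """Assumed 'Bit on equals' semantics: every bit of mask is set in uac."""
    return (uac & mask) == mask

def split_accounts(accounts):
    """Return (imported, excluded) account names under the exclusion filter."""
    imported, excluded = [], []
    for name, uac in accounts:
        (excluded if bit_on(uac) else imported).append(name)
    return imported, excluded

def missed_by_equality(accounts, literal=514):
    """Disabled accounts that a plain 'equals 514' filter would still import."""
    return [name for name, uac in accounts if bit_on(uac) and uac != literal]

# Constructed sample accounts (names and values invented for this example).
SAMPLE = [
    ("alice", 512),      # NORMAL_ACCOUNT
    ("bob", 514),        # NORMAL_ACCOUNT | ACCOUNTDISABLE
    ("svc_old", 66050),  # disabled, password never expires
    ("carol", 66048),    # enabled, password never expires
    ("dave", 262658),    # disabled, smart card required
]

if __name__ == "__main__":
    imported, excluded = split_accounts(SAMPLE)
    print("filter  :", LDAP_DISABLED_FILTER)
    for name, uac in SAMPLE:
        print(f"{name:8} {uac:>6} {UAC(uac)!r}")
    print("imported:", imported)
    print("excluded:", excluded)
    print("missed by 'equals 514':", missed_by_equality(SAMPLE))
```
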

Great article, helped a lot in setup…. I was wondering if you ever saw anything like this:
I set up the connection and it works fine for about 12 hours, then it fails with this: “failed to run because the credentials were invalid”. I add the password back into the sync account page and it works again for about 12 hours, then fails with the same error.
Also, if I add the password back at any time prior to the 12-hour failure, it will error at 12 hours from the original time I set the password. But every time it fails and I set the password again, it continues to work for 12 hours.
There is no trust to this domain, and I am being told (by management) that we do not need one as it works for 12 hours, so I just need to modify what is stopping it at 12 hours… Any ideas on what would cause this to stop at 12 hours?
Error
Log Name: Application
Source: FIMSynchronizationService
Date: 11/17/2011 8:20:18 AM
Event ID: 6000
Task Category: Management Agent Run Profile
Level: Error
Keywords: Classic
User: N/A
Computer: CenAdmn.corp.company.com
Description:
The management agent “CompanyExternalAD” failed to run because the credentials were invalid.
User Action
Verify the credentials and configuration for the management agent.
Event Xml:
6000
2
1
0x80000000000000
190201
Application
CenAdmn.corp.company.com
CompanyExternalAD
DS_DELTAIMPORT