Configure SharePoint User Profile Service Part 2

Configure User Profile synchronization with Active Directory

Select the User Profile Service and click the Manage button on the ribbon. You should see a screen like the one below.

SharePoint UPS User Profile Service

Default User Profile Service configuration window after being created

Select Configure Synchronization Connections in the Synchronization section. Now click the Create New Connection option. If you see the pop-up window shown below, go back to Manage Services on Server and wait until the service starts.


Pop-up window when attempting to create the UPS synchronization connection

In the Add New Synchronization Connection window, we will need to fill in several fields.

In the Connection Name field, enter a descriptive name for your connection, such as AD Synchronization.

In the Forest name field, enter the FQDN of your domain (in my example: ad.local). Leave the Auto discover domain controller option selected.

In the Account name, Password, and Confirm Password fields, enter the credentials for the synchronization account.


User Profile Synchronization Connection configuration

Now click the Populate button and select the AD organizational units you would like to import. I've selected the NetPro and Users OUs, where I usually store all my users.


User Profile Synchronization Connection – AD Container selection

Click OK, and after a while you should see your newly created connection listed. We can now add connection filters to tell the UPS Service that we do not want to import AD accounts that are disabled. In my experience this is often requested by clients, so I propose making it a default for your setups.

Hover over your connection name and expand the menu using the black arrow on the right, then select Edit Connection Filters.


Edit Connection Filters option under Synchronization connection name

Now we need to add an exclusion filter for users that are disabled. Choose the userAccountControl attribute with the Bit on equals operator and the filter value 2. See the screenshot below for the exact configuration.


Configuration that prevents importing disabled user accounts

Click the Add button – you should see your newly created filter listed now. Click the OK button and go back to the User Profile Service settings window.
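
To check what the Bit on equals 2 filter will match before running a synchronization, the following added example (not part of the original article) applies the same bit test to constructed userAccountControl values and then runs the equivalent LDAP query. The function name, the sample accounts and the OU distinguished names (derived from the ad.local example) are assumptions.

```powershell
# Added example; the sample values below are constructed, not read from a real directory.
# userAccountControl is a bit field; 0x2 (decimal 2) is the ACCOUNTDISABLE flag.
$AccountDisable = 0x2

function Test-UpsDisabledFilter {
    # Mirrors the "Bit on equals 2" exclusion filter: true when bit 0x2 is set,
    # regardless of which other flags are present. (Hypothetical helper name.)
    param([Parameter(Mandatory = $true)][int]$UserAccountControl)
    return (($UserAccountControl -band $AccountDisable) -eq $AccountDisable)
}

# Constructed sample accounts with common userAccountControl values.
$samples = @(
    [pscustomobject]@{ Name = 'alice';   Uac = 512   }  # NORMAL_ACCOUNT, enabled
    [pscustomobject]@{ Name = 'bob';     Uac = 514   }  # NORMAL_ACCOUNT + ACCOUNTDISABLE
    [pscustomobject]@{ Name = 'carol';   Uac = 66048 }  # 512 + DONT_EXPIRE_PASSWORD, enabled
    [pscustomobject]@{ Name = 'svc-old'; Uac = 66050 }  # 514 + DONT_EXPIRE_PASSWORD, disabled
)

$samples | ForEach-Object {
    [pscustomobject]@{
        Name       = $_.Name
        Uac        = $_.Uac
        PlainEq514 = ($_.Uac -eq 514)   # a plain equality test misses svc-old
        Excluded   = (Test-UpsDisabledFilter -UserAccountControl $_.Uac)
    }
} | Format-Table -AutoSize | Out-Host

# The same test as an LDAP filter (bitwise AND matching rule), listing the accounts
# the exclusion filter will drop. Needs the ActiveDirectory module and a reachable
# domain; the OU DNs are assumed from the article's ad.local example.
$ldapFilter = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    foreach ($ou in 'OU=NetPro,DC=ad,DC=local', 'OU=Users,DC=ad,DC=local') {
        Get-ADUser -LDAPFilter $ldapFilter -SearchBase $ou -Properties userAccountControl |
            Select-Object SamAccountName, userAccountControl
    }
}
```

Accounts listed by the query are the ones that should disappear from the profile store after the next full synchronization; an unexpected name in that list is worth reviewing before the filter goes live.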



One Response to “Configure SharePoint User Profile Service Part 2”

  1. Great article, helped a lot in setup…. I was wondering if you ever saw anything like this:

    I set up the connection it works fine for about 12 hours then, it fails with this “failed to run because the credentials were invalid” I add the password back into the sync account page and it works again for about 12 hours and fails with the same error.

    Also if I add the password back at any time prior to the 12 hour failure, it will error at the 12 hours from the original time I set the password. But every time it fails and I set the password again and it continues to work for 12 hours.

    There is no trust to this domain, and I am being told (by management) that we do not need one as it works for 12 hours so I just need to modify what is stopping it at 12 hours… Any Ideas on what that would cause this to stop at 12 hours?

    Log Name: Application
    Source: FIMSynchronizationService
    Date: 11/17/2011 8:20:18 AM
    Event ID: 6000
    Task Category: Management Agent Run Profile
    Level: Error
    Keywords: Classic
    User: N/A
    The management agent “CompanyExternalAD” failed to run because the credentials were invalid.

    User Action
    Verify the credentials and configuration for the management agent.
    Event Xml: