Navigate Up
Sign In

SharePoint 2013: User Profile Synchronization: Direct Active Directory Import

Item is currently unrated. Press SHIFT+ENTER to rate this item.1 star selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+ESCAPE to leave rating submit mode.2 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.3 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.4 stars selected. Press SHIFT+ENTER to submit. Press TAB to increase rating. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.5 stars selected. Press SHIFT+ENTER to submit. Press SHIFT+TAB to decrease rating. Press SHIFT+ESCAPE to leave rating submit mode.

You may also be interested in: O'Reilly - SharePoint 2010 at Work

 

Editor's note: Contributor Gokan Ozcifci is a SharePoint Consultant at Vision IT Group. Follow him @gokanozcifci

As you all know, many changes have been made in SharePoint Server Application Services. The Search Service Application and also the User Profile Synchronization Service has been improved in the new version of SharePoint.

2013-03-27-UserProfileSync-01.png

The classic User Profile Synchronization Service Application ( SharePoint 2010 and SharePoint 2013 ) still and always uses the FIM to get any data from Active Directory to fill our profiles.

But now, in SharePoint 2013, there is something called “Direct Active Directory Import

The main novelty lies in the synchronization of properties of users in the corporate directory (Active Directory only) with the ability to import it directly.

Is it that concrete? The direct import can synchronize the SharePoint user profiles with Active Directory without using Forefront Identity Manager (FIM), as was the case in SharePoint 2010.

To explain it as simply as possible: “Direct Import from Active Directory which is designed to import the AD profile as quickly as possible.”

Are there benefits??? A big “YES”.. Not using FIM :-) ! What Administrator has never had a problem with this service application? Problems with “Starting” User Profile Service Applications? .. It’s all over now

But there are also some limitations:

  • Mapping to system SharePoint properties is not supported.
  • Mapping two different AD attributes to the same SharePoint property is not supported

How does it work? The direct import works without starting the Synchronization Service in SharePoint (which is used for communication with the FIM configuration)! Actually, the Direct Import services are based on User Profiles.

2013-03-27-UserProfileSync-02.jpg

Configure the type of import, configure the connection to the directory and then run the Syncronization ... And that’s all.

According to this article, the following script snippet can be used to enable AD Import mode in SharePoint Server 2013: Only the OU setting is removed when you run the Remove-SPProfileSyncConnection cmdlet in SharePoint Server 2013


$UPSA=Get-SPServiceApplication -Name "<User Profile Service Application Name>"
$UPSA.NoILMUsed=$true
$UPSA.Update()

The User Profile Replication engine is an optional component of SharePoint Server 2010 and is part of the SharePoint Administration Toolkit. It replicates User Profiles and social data between User Profile service applications.

The User Profile Replication Engine ( UPRE ) which was a separate download tool comes as an out-of-the-box feature in SharePoint Server 2013.

It comes in very handy when you have a Development, Q&A and Production environment. Instead of building it all again from scratch, you can replicate all, or some, user profiles.

For more information please read and refere to:
http://www.harbar.net/archive/2012/07/23/sp13adi.aspx

Happy configuring,

Categories: SPF 2013; User Profile Service

Comments

schneika

Export not supported?

And what about export to AD. It seems not functional...

Posted 28-Mar-2013 by schneika
Thomas Radman

Adding property mappings programatically through PowerShell

If you would like to add those propertymappings programatically, you have to be aware, that if your connection is of type "ActiveDirectoryImport", the methods of the classic sync-connection won´t work, because Microsoft implemented it in a different way. This is also reflected at http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.connection.propertymapping.aspx where they state, that the Connection.PropertyMapping property is NULL in case of ActiveDirectoryImport.
 The great thing about it is, that it got much simpler through the ActiveDirectoryImportConnection.AddPropertyMapping method.
Try this:
 $site = New-Object Microsoft.SharePoint.SPSite
 $context = [Microsoft.SharePoint.SPServiceContext]::GetContext($site)
 $configManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager $context
 $UPAConnMgr = $configManager.ConnectionManager
 $Connection = ($UPAConnMgr | select -First 1)
 if ($Connection.Type -eq "ActiveDirectoryImport"){
   $Connection.AddPropertyMapping("streetAddress","SPS-Location")
   $Connection.Update()
 }
 

Posted 23-Nov-2013 by Thomas Radman
Thomas Radman

Adding property mappings programatically through PowerShell

*correction*
$site = New-Object Microsoft.SharePoint.SPSite <centraladmin-URL>

Posted 23-Nov-2013 by Thomas Radman
Benjamin

DONT'T use property "NoILMUsed"

We had right now a case at Microsoft because the NoILMUsed crashed our UPA Config. It is officially documented that it is not allowed: "Support policy regarding use of NoILMUsed property" - http://support.microsoft.com/kb/2624198
 
"This property is for Microsoft-internal use only. Using this property could put your profile service application and data in an unusable state."
 
Microsoft confirmed that there is currently no option except the GUI to switch the sync modus.

Posted 26-Nov-2013 by Benjamin

Notify me of comments to this article

E-mail:
   

Add Comment

Title:

 
Comment:
Email:

   


Name:

 
Url: