SharePoint 2013 User Profile Synchronization with Active Directory

SharePoint Active Directory Import lets you import Active Directory user information into the SharePoint User Profile Service.

The User Profile Service Application stores information about each user, such as first name, last name, phone number and location, in a central location. SharePoint creates three databases for storing the profile information and its associated data.

  1. Profile Database - This database stores the user profile information.
  2. Social Tagging Database - This database stores social tags and notes created by users.
  3. Synchronization Database - This database stores configuration and staging information used when synchronizing data from external sources such as Active Directory Domain Services (AD DS).

Prerequisites to perform the import:

  • To perform the synchronization, you must be a member of the Farm Administrators group.
  • You must know the credentials of a domain account that has the synchronization (Replicate Directory Changes) permission.

Before you begin the synchronization, note what AD Import does not support:

  • The import is one way: changes made to SharePoint user profiles are not written back to AD.
  • The Active Directory Import option lets you configure and use only a single, farm-wide property mapping.
  • The Active Directory Import option does not support generic (non-AD) LDAP sources.
  • The Active Directory Import option does not support BCS import.

Importing user profile information from Active Directory involves the following four steps:

  • Enable Active Directory Import.
  • Configure the synchronization connection.
  • Map Active Directory attributes to user profile properties in SharePoint.
  • After completing the three steps above, start the synchronization in SharePoint.

Enable Active Directory Import:

  • Open SharePoint Central Administration and click Manage service applications under the Application Management section.
  • On the Manage Service Applications page, click User Profile Service Application.
  • On the Manage Profile Service page, click Configure Synchronization Settings in the Synchronization section.
  • On the Configure Synchronization Settings page, select the Use SharePoint Active Directory Import option and click OK.

Configure synchronization connection:

  • On the Manage Profile Service page, click Configure Synchronization Connections.
  • Now click on Create New Connection button.
  • On the new synchronization connection page, enter the connection name in the Connection Name text box.
  • From the Type list, select Active Directory Import.
  • In the Fully Qualified Domain Name box, enter the fully qualified domain name.
  • Select the authentication provider type in the Authentication Provider Type box.
  • If you selected Trusted Claims Provider Authentication or Forms Authentication, select an authentication provider from the Authentication Provider Instance box. The Authentication Provider Instance box lists only the authentication providers that are currently used by a web application.
  • In the Account name box, enter the synchronization account as domain\username. The synchronization account must have the Replicate Directory Changes permission or higher on the root of the Active Directory domain.
  • In the Password box, enter the password for the synchronization account.
  • Enter the password for the synchronization account again in the Confirm password box.
  • (Optional) In the Port box, enter the connection port.
  • (Optional) Select Use SSL-secured connection if a Secure Sockets Layer (SSL) connection is required to connect to the directory service.
  • (Optional) To filter the objects that are imported from the directory service, enter a standard LDAP query expression in the Filter in LDAP syntax for Active Directory Import box.
  • In the Containers section, click Populate Containers and then select the containers in the directory service that you want to synchronize. All selected OUs are synchronized along with their child OUs.
  • Click OK. The newly created connection is listed on the Synchronization Connections page.
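As an added example (not part of the original walkthrough), the same connection created from the SharePoint 2013 Management Shell, with the LDAP filter first dry-run against AD so that a typo or an over-broad filter is noticed before it decides which accounts receive a profile. The forest, domain, OU and account names are placeholders, and the ActiveDirectory PowerShell module (RSAT) is assumed to be installed on the server.

```powershell
# Added example, not the original post's code. Run in the SharePoint 2013
# Management Shell as a farm administrator. All names below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$forest   = "corp.example.com"                      # placeholder forest FQDN
$domain   = "CORP"                                  # placeholder NetBIOS domain
$ou       = "OU=Staff,DC=corp,DC=example,DC=com"    # placeholder container DN
$syncUser = "svc-spprofilesync"                     # placeholder sync account

# Same expression the "Filter in LDAP syntax" box accepts: real user objects
# only, excluding disabled accounts (bit 2 of userAccountControl, tested with
# the LDAP_MATCHING_RULE_BIT_AND rule 1.2.840.113556.1.4.803).
$ldapFilter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# 1. Dry-run the filter against the same container the connection will use,
#    so the scope of accounts that will get profiles is known in advance.
$matched = Get-ADUser -LDAPFilter $ldapFilter -SearchBase $ou -SearchScope Subtree
Write-Host ("Filter selects {0} enabled user objects under {1}" -f @($matched).Count, $ou)

# 2. Create the AD Import connection. The password is prompted for rather than
#    stored in the script; the account needs Replicate Directory Changes on the domain.
$cred = Get-Credential -UserName "$domain\$syncUser" -Message "Synchronization account password"
$upa  = Get-SPServiceApplication | Where-Object { $_.TypeName -like "User Profile Service Application*" }

Add-SPProfileSyncConnection -ProfileServiceApplication $upa `
    -ConnectionForestName $forest `
    -ConnectionDomain $domain `
    -ConnectionUserName $syncUser `
    -ConnectionPassword $cred.Password `
    -ConnectionSynchronizationOU $ou `
    -ConnectionUseSSL $true `
    -ConnectionUseDisabledFilter $true   # cmdlet equivalent of excluding disabled accounts
```

Run Add-SPProfileSyncConnection once per additional OU to include more containers; the LDAP filter text itself is still entered on the connection page in Central Administration as described above.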

Map AD attributes to user profile properties:

  • In Central Administration, click Manage service applications in the Application Management section.
  • On the Manage Service Applications page, click User Profile Service Application.
  • Click Manage User Properties in the People section.
  • Right-click the name of the property to which you want to map a directory service attribute, and then click Edit.
  • To remove an existing mapping, select the mapping in the Property Mapping for Synchronization section and click Remove.
  • To add a new mapping: in the Add New Mapping section, in the Source Data Connection list, select the data connection that represents the directory service to which you want to map the user profile property.
  • In the Attribute box, enter the name of the directory service attribute to which you want to map the property.
  • Click Add.
  • Click OK.
  • Repeat steps 4 through 7 to map additional properties.

Start synchronization:

  • In Central Administration, click Manage service applications in the Application Management section.
  • Click Start Profile Synchronization in the Synchronization section.
  • On the Start Profile Synchronization page, select Start Full Synchronization if this is the first time you are synchronizing or if you have added or modified any synchronization connections.
  • Select Start Incremental Synchronization to synchronize only information that has changed since the last synchronization.
  • Click OK. The Manage Profile Service page displays the status of the profile synchronization in the right panel.