When SharePoint 2010 was introduced, one of the major changes that it brought with it was a completely new infrastructure for working with user profiles. This infrastructure was based on the Forefront Identity Manager, and represented a fairly bold leap. With it, the integration possibilities were greatly increased, and it allowed for not only read, but write synchronization on a field by field basis (either read or write… not both!).
The problem was that it was unwieldy. Being from an agricultural background, I liken it to a combine. Useful, a lot of moving parts, and it breaks down easily. Couple this with the fact that with the initial release of SharePoint 2010, it wasn’t fully baked, and you have the recipe for what became the top support issue for SharePoint 2010 up until this point. Subsequent Service Packs and Hot Fixes have greatly improved the system (my gold standard is currently Service Pack 1 with the December 2011 Cumulative Updates), but the system does remain complex, and is arguably overkill where a simple Active Directory import is all that is required.
I put out a guide intended to simplify the steps, but the real comprehensive guide is by Spencer Harbar – I strongly recommend a read.
Well, everything old is new again. With SharePoint 2013, the product team heard these messages and brought back the simpler profile import that was in SharePoint 2007 as an option. It’s not available by default, and I don’t necessarily recommend using it (as always, it depends) but if your requirements are a simple import, then it may be for you. Here’s how to get it working.
To start with, do NOT start the User Profile Synchronization Service. This is the FIM based system, and is NOT required for the simple import to work.
Navigate to the User Profile Service Application (from Central Administration, Select Application Management, Manage Service Applications, and then your Profile Service Application). Then, select Configure Synchronization Settings from the Synchronization Section.
Then, instead of “Use SharePoint Profile Synchronization”, select “Use SharePoint Active Directory Import”, and click OK.
Once that is complete, you need to set up an import. To do that, select the “Configure Synchronization Connections” link from the Service Application page.
Then, click “Create New Connection”, and fill out the connection form accordingly.
One thing to note, and a deviation from the original SharePoint 2007 import mechanism is that the account used above MUST have the “Replicating Directory Changes” permission in Active Directory for the import to work. This is the same requirement as the 2010 synchronization, and the full synchronization service with SharePoint 2013.
Navigate back to the Profile Service Application page, and select “Start Profile Synchronization”.
Finally, Select the full synchronization option, and click OK.
After a relatively short period of time, your user profiles should be available.
Again, I don’t necessarily recommend the simpler option if your only problem is complexity, but I do think that is was wise of the product team to add this back in. If your requirements are truly import only, and you don’t have multiple identity systems, this is a quick way to get up and running. It’s also great for testing and demo environments.
18 Comments