Friday, April 19, 2013

Importing Active Directory profiles to SharePoint 2013

This post describes a one-way import of Active Directory users into a SharePoint 2013 environment.
We need an account set up for the AD profile synchronization. Let’s call it “SharePointADSync”. We need to configure a couple of things on this account in AD:

Add “Replicate Directory Changes” permission
  • On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  • In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
  • On the first page of the Delegation of Control Wizard, click Next.
  • In the Users or Groups page, click Add.
  • Type the name of the synchronization account, and then click OK.
  • Click Next.
  • In the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
  • On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
  • On the Permissions page, in the Permissions box, select Replicate Directory Changes, and then click Next.
  • Click Finish.
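
To confirm that the delegation took effect and that the sync account holds nothing broader than the one right granted above, the ACL on the domain root can be audited. This is an added example, not part of the original post; it assumes a domain-joined host with the RSAT ActiveDirectory module and the account name SharePointADSync used in this post.

```powershell
# Added example (not from the original post). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Control-access-right GUIDs for the directory replication rights (AD schema constants).
# Current Windows versions display the first one as "Replicating Directory Changes".
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-ReplicationRightHolder {
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)
    foreach ($ace in (Get-Acl -Path "AD:\$DomainDN").Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.ActiveDirectoryRights -band $ExtendedRight)) { continue }
        $guid = $ace.ObjectType.ToString()
        if ($ace.ObjectType -eq [guid]::Empty) {
            # No object type on an extended-right ACE means every extended right,
            # which includes all of the replication rights.
            $right = 'All extended rights'
        } elseif ($ReplicationRights.ContainsKey($guid)) {
            $right = $ReplicationRights[$guid]
        } else { continue }
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Right     = $right
            Inherited = $ace.IsInherited
        }
    }
}

$holders = @(Get-ReplicationRightHolder)
$holders | Sort-Object Identity, Right | Format-Table -AutoSize

# The delegation steps above grant a single right; flag anything else on the sync account.
$sync = @($holders | Where-Object { $_.Identity -like '*\SharePointADSync' })
if ($sync.Count -eq 0) {
    Write-Warning 'SharePointADSync holds no replication right on the domain root.'
}
$sync | Where-Object { $_.Right -ne 'Replicating Directory Changes' } |
    ForEach-Object { Write-Warning "Excess right on sync account: $($_.Right)" }
```

Built-in administrative groups will normally appear in the table; the entries worth reviewing are any unexpected identities and any warning raised for the sync account.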

Follow these steps now to import AD profiles to SharePoint.

Go to Central Admin. Click Manage Service applications under Application Management.

From the list of services, click on the User Profile Service Application.
Under Synchronization, click Configure Synchronization Settings.

Select the “Use SharePoint Active Directory Import” radio button under Synchronization Options. Click OK to save settings. You will then be redirected to the User Profile page.
Under Synchronization, click Configure Synchronization Connections and create a new connection.

Fill in appropriate values and click Populate Containers. Once the containers are populated, check the ones you would like to import to SharePoint and save the connection. In the Account name field, enter the details of the SharePointADSync account that we created for this purpose.

Now you can go ahead and do a full import, which will import the selected profiles to your SharePoint.

8 comments:

Anonymous said...

Can I only import all users in AD to User Profile without Replication? Because I cannot request the delegation right for that user.

anand sharma said...

If I understand your question correctly, the answer is Yes, you can. I would create an OU in AD and map my UP in SharePoint to that OU. You can email me if you are struggling with any scenario. Thanks.

Anonymous said...

I was able to sync the basic user profile properties. Mapping to other properties is not working, like Picture or mobile, or any other property which has not been imported by default. Please suggest!

anand sharma said...

I have written this post for you. Hope this helps.

http://blog.sharepointclick.com/2013/05/mapping-custom-active-directory-fields.html

A.A said...

Thanks Anand,
Very good article and very useful ....

Luiz Fernando Braz said...

Hello, is there any way to sync AD groups? I configured Sync and everything is going fine except sync of AD groups.

Best regards !!
Luiz

anand sharma said...

By AD groups, I assume you mean the security groups in AD. If you set up the connection, and run a full import, it will import all users and groups (both). There is nothing extra that you need to do for importing the security groups. If you are having any issues, kindly mention the steps you have performed and the issues you are facing and email it to me and we can work it out together. Thanks.