We need an account set up for the AD profile synchronization. Let’s call it “SharePointADSync”. We need to configure a couple of things on this account in AD:
Add the “Replicate Directory Changes” permission
- On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
- In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
- On the first page of the Delegation of Control Wizard, click Next.
- In the Users or Groups page, click Add.
- Type the name of the synchronization account, and then click OK.
- Click Next.
- In the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
- On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
- On the Permissions page, in the Permissions box, select Replicate Directory Changes, and then click Next.
- Click Finish.
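To confirm what the wizard actually granted, the following added example (not part of the original post) reads the ACL on the domain root and reports which replication rights the sync account holds. It assumes the RSAT ActiveDirectory PowerShell module is installed and that the account is named SharePointADSync as above; only ACEs granted directly to the account are inspected, not rights inherited through group membership.

```powershell
# Added example: check the replication rights delegated to the sync account.
# Assumption: run on a machine with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$account  = 'SharePointADSync'                 # account name used in this post
$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName
$identity = "$($domain.NetBIOSName)\$account"

# Control access right GUIDs from the AD schema.
# The "All" variant also replicates secret attributes (password data) and is
# not what this post delegates, so it is flagged if present.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicate Directory Changes All'
}

$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Keep only Allow ACEs for the sync account that carry one of the two rights.
$aces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    $rights.ContainsKey($_.ObjectType.ToString())
}

$granted = @($aces | ForEach-Object { $rights[$_.ObjectType.ToString()] } |
             Sort-Object -Unique)

if ($granted.Count -eq 0) {
    Write-Warning "$identity has no explicit replication right on $domainDN."
}
elseif ($granted -contains 'Replicate Directory Changes All') {
    Write-Warning "$identity holds 'Replicate Directory Changes All', which is broader than the delegation described here."
}
else {
    Write-Output "$identity holds only: $($granted -join ', ')"
}
```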
Follow these steps now to import AD profiles to SharePoint.
- Go to Central Admin. Click Manage Service applications under Application Management.
- From the list of services, click on the User Profile Service Application.
- Under Synchronization, click Configure Synchronization Settings.
- Select the “Use SharePoint Active Directory Import” radio button under Synchronization Options. Click OK to save settings. You will then be redirected to the User Profile page.
- Under Synchronization, click Configure Synchronization Connections and create a new connection.
- Fill in appropriate values and click Populate Containers. Once the containers are populated, check the ones you would like to import to SharePoint and save the connection. In the Account name, enter the SharePointADSync account details that we have created for this purpose.
- Now you can go ahead and do a full import, which will import the selected profiles to your SharePoint.
8 comments:
Can I only import all users in AD to User Profile without Replication? Because I cannot request delegation rights for that user.
If I understand your question correctly, the answer is Yes, you can. I would create an OU in AD and map my UP in SharePoint to that OU. You can email me if you are struggling with any scenario. Thanks.
I was able to sync the basic user profile properties. Mapping to other properties is not working, like Picture or mobile, or any other property which has not been imported by default. Please suggest!
I have written this post for you. Hope this helps.
http://blog.sharepointclick.com/2013/05/mapping-custom-active-directory-fields.html
Thanks Anand,
Very good article and very useful ....
Hello, is there any way to sync AD groups ? I configured Sync and everything is going fine except sync of AD groups.
Best regards !!
Luiz
By AD groups, I assume you mean the security groups in AD. If you set up the connection, and run a full import, it will import all users and groups (both). There is nothing extra that you need to do for importing the security groups. If you are having any issues, kindly mention the steps you have performed and the issues you are facing and email it to me and we can work it out together. Thanks.