In SharePoint 2010, there was only one method allowing you to sync user profiles between your user repository and your SharePoint environment which was essentially a lightweight version of FIM.
With SharePoint 2013, there are now three methods that you to carry out the aforementioned sync operation.
- SharePoint Profile Synchronization (lightweight FIM)
- Active Directory Import
- External Identity Manager (C#)
While the focus of this article is Active Directory Import, the amount of enhancements that have been done especially with regards to the performance of lightweight FIM elicit mentioning.
One of the most important areas of enhancements is regarding how FIM retrieves data from BCS.
In SharePoint 2013, import operations from BCS are done as batches rather than one by one.
Furthermore, indexes were added to user properties that eliminated full table scans. A number of unused provisioning steps were also removed.
The end result? One piece of anecdotal evidence show that 300K users took less than 7 hours for a full import operation, previously it took nearly three weeks.
Active Directory Import
Active Directory Import allows you to import users from active directory into your SharePoint 2013 environment. The logical question would then be what are the pro and cons of ADI and when should I used it over FIM. The table below summarizes these points.
|Extremely fast performance||Cannot import from more than one user repository|
|Very reliable||Cannot import from any other user repository than AD (no LDAP support)|
|Connect to forests with multiple domains||Sync is one way from AD into SharePoint (hence the “import” in the name)|
|Windows, FBA and claims are all supported|
I now use ADI for any development/PoC environment. I would also highly recommend it for any production environment that leverages only AD DS and doesn’t require writing back to AD.
Synchronization on SharePoint 2013
Open SharePoint 2013 Central Administration site, and then click Manage Service Applicationssection, click Configure Syncronization Connections under User Profile Service .
Please note that only one user profile has been imported to SharePoint 2013.
For importing new profiles to SharePoint you have to create a new connection to, in the most times,Active Directory.
So, please click on “Create New Connection”
But you will receive an error that says “Cannot navigate to the requested page because the service is not running”.
This means, that you have to start the service under “Services on Server”.
You have to fill the password. BUT be aware the user needs “Replicating domain changes”. This is a requirement because without this, you can’t import changes from SP to AD, or AD to SP.
If you don’t know how to do it, please connect to your Domain Controller and click on “Active Directory for Users and Computers”.
Made a right-click on the domain and click to “Delegate Control”
And give your user who has to replicate domain changes the adequat right.
Then under “Services under Server” please start the User Profile Synchronization Service but be aware, it will take more than 5 minutes before start. So, if it does not start directly do not panic.
Now, you can make a new connection to your Active Directory.
- A connection Name: SpPirate AD
- Type: Active Directory
- Forest name: SpPirate.Net
- Account Name: sppirate\spfarm
- Password: Vision1T
Under populate containers; please choose what exactly you need. In the earlier version of SharePoint (2007) you couldn’t choose your containers and it was a real disillusion, because it took everything Even Service Accounts.
But there is a workaround for this: http://www.gokanozcifci.be/subsite/user-profile-syncronization-importing-different-ou-in-sharepoint-2007.html
And you can now Start a Profile Synchronization.
And you can see that our imported User Profiles has been updated from 1 to 4. Meaning that the users has with their profile has been imported to SharePoint 2013.
You can now made a search on a specific user and you will be prompted with that user.
Setting Up MySite
My Site is your personal starting point for viewing and contributing to your organization’s intranet through the portal site. It provides a place to save and share your work, a way to find and connect with other people in your organization and see their work, and a way to customize how other people in your organization see your work. To view My Site, click My Site on the navigation bar of the portal site.
When finished with creating your site collection, copy the hyperlink.
Return again to the User Profile Service Application, we have to define our My Site Settings.
Under the My Site Settings click on Setup MySite
We have to fill 4 things to configure our MySite:
- My Site Host: ( our just created site collection )
- Location: myPersonal
- Site naming Format: User Name ( do not resolve conflict )
- And be sure that all authenticated users can use MySite.
Everything is completed, so we can surf to our website (MySite) and see if everything is working. On my environment, I got a strange internal (500) error.
I searched on Internet but found nothing.
But my experience on SharePoint says me an “IISRESET” will resolve everything, and it was the case. J
Now, you can edit your profile:
- Add a picture
- Add a project
- Add your school
But, you will get a message saying that the process is still busy and that you have to wait to see the changes.
Actually this means that the service is only running per hour, so the possibility is that you can wait “ONE” hour before seeing your changes on your profile.
If you don’t want to wait, you can edit the service or just click on “run now”.
The service name is “Social Data Maintenance Job”
And you can enjoy about your new profile ..