none
AD Users Not being imported after new Profile Service?

    Question

  • hello SharePoint Fam,

    I totally blew away my previous UPS due to so many errors during syncs but the synchs always 100% pulled all users from OU group.  I have totally configured new profile service correctly and when I run a full sync I am not getting the 8,000 accounts after synch.  The MIS client is not showing any errors at all and I am not seeing any errors at all in ULS, the synch is thinking that it is 100% pulling information but not pulling any users from the selected ou.  The group is called domain users which contains all our users.....below is MIS client, any idea on what I am missing, i am on my 6 time of recreating user profile service to try get succesful sync. thnx nadvance

    Thursday, October 31, 2013 2:11 PM

Answers

  • Is there anything wrong with selecting the entire domain, then filtering out or un-selecting what you don't want?  I use those in combination to filter out disabled accounts and service accounts.  Or is there some policy in place that doesn't allow you to do this?
    Monday, November 04, 2013 9:04 PM

All replies

  • Hi

    the UPS connector it's wright configured? if it's looking for the good AD DC



    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    Thursday, October 31, 2013 2:16 PM
  • I believe so.....this is first step i see in MIS which seems to be looking at the correct location but never imports anything, seems all I am getting is the domain information imported


    • Edited by 41globalit Thursday, October 31, 2013 2:24 PM domain
    Thursday, October 31, 2013 2:21 PM
  • Last step does nothing but says it added the domain info but no users are added....

    Thursday, October 31, 2013 2:23 PM
  • Only error i was able to find in ULS is:

    Profile sync step AD (stage ActiveDirectoryFullImport) failed: System.InvalidOperationException: sql-deadlock 

    This error is aprt of first import step....

    Thursday, October 31, 2013 3:54 PM
  • Hi

    check it you granted right permissions for managed users

    Please check this post

    http://www.harbar.net/articles/sp2010ups.aspx


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.


    Thursday, October 31, 2013 9:12 PM
  • I was able to do a whole import of the whole domain instead of using the one domain user group......that was able to get me my 8,000 users but really prefer to use just the domain users group...not sure why the domain users group won't import users....
    Friday, November 01, 2013 2:13 PM
  • Hi

    Apply spups  for specific OUs only


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    Friday, November 01, 2013 2:35 PM
  • Hey Romeo,

    thanks for response, what exactly is spups??  how do i apply this? thnx

    Friday, November 01, 2013 4:17 PM
  • Sorry , but please read this document

    http://www.harbar.net/articles/sp2010ups.aspx

    spups is the user , the managed account responsible with UPS syncronisations between AD and SP


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    Friday, November 01, 2013 8:23 PM
  • All of your users are in a single OU in AD?  8,000 of them?!?!?!?  That sounds painful to enumerate and manage policy with.  Are you sure they are all there?  Domain Users is typically a global group, not an OU in Active Directory.  Global groups are not something you can sync against.  The default container (OU) in AD for users is, Users right under the domain root.  Good AD admins setup their own OU structure that makes sense for their organization though.  :)
    Friday, November 01, 2013 8:23 PM
  • Hey Dubastep,

    No the 8k are not all in one ou.  Basically our AD team has every user assigned to one specific group called Domain Users which is the Group i only want to pull from but having issues when trying to pull from jstu that group.  But if i select all it pulls everything with no issue.

    Thanks,

    Monday, November 04, 2013 2:47 PM
  • Your AD team didn't do that, Active Directory places all domain users in that group by default when the accounts are created.  It isn't an OU (I.E. a container) though, it is global domain group.  You can't sync from that.  You have to select the OUs to sync from.
    • Edited by DubaStep Monday, November 04, 2013 4:24 PM
    Monday, November 04, 2013 4:17 PM
  • Thanks for response DubaStep, i guess you have answered my issue.  My userprofile account wont ever synch anything from the domain users group.  would need to be a total different OU that all users would need to be in, in order for me to synch from specific OU.

    thnks

    Monday, November 04, 2013 7:20 PM
  • Is there anything wrong with selecting the entire domain, then filtering out or un-selecting what you don't want?  I use those in combination to filter out disabled accounts and service accounts.  Or is there some policy in place that doesn't allow you to do this?
    Monday, November 04, 2013 9:04 PM
  • Hey DubaStep,

    That is exactly how i am currently doing the sync at this moment.  I selected whole domain but only unchecked the terminated users OU and that is what has got me all accounts each sync with no issues.

    Tuesday, November 05, 2013 1:43 PM