none
Account doesn't sync with AD - MOSS - WSS User Profile sync

    Question

  • I'm working on a project that uses MOSS 2007.  We have user profiles set up to sync from AD and see the following behavior.

    Take the user Jane Doe and her account MYDOMAIN\JaneDoe

    1. She becomes part of a site collection
    2. Her settings look fine when clicking My Settings or when another user looks at her info by clicking on her under People and Groups
    3. She gets married and is renamed Jane Married with account MYDOMAIN\JaneMarried
    4. The Shared Service Provider User Profile incremental import occurs
    5. The profile looks good in the Shared Service Provider
    6. The User Profile Synchronization Timer Job runs
    7. The changes to Name and User name show properly in the My Settings or People and Groups but the Account field still has the old value until the new id (MYDOMAIN\JaneMarried) is added to the All Users.

    Any ideas on where we might be missing something from a config standpoint?  Or is there a SharePoint bug?

    Thanks

    Tuesday, December 15, 2009 6:19 PM

Answers

  • If you change the username, then you need to do something other than just a normal profile sync. 

    Try running
    stsadm -o migrateuser -oldlogin mydomain\janedoe -newlogin mydomain\janemarried

    If the SID was maintained this will provide a clean move of the profile to the new username.  If the account was created fresh and has a different SID then you will want to add -ignoresidhistory to the end of the command.
    SharePoint Developer | Administrator | Evangelist -- Twitter -- Blog - http://nextconnect.blogspot.com
    Tuesday, December 15, 2009 10:43 PM

All replies

  • If you change the username, then you need to do something other than just a normal profile sync. 

    Try running
    stsadm -o migrateuser -oldlogin mydomain\janedoe -newlogin mydomain\janemarried

    If the SID was maintained this will provide a clean move of the profile to the new username.  If the account was created fresh and has a different SID then you will want to add -ignoresidhistory to the end of the command.
    SharePoint Developer | Administrator | Evangelist -- Twitter -- Blog - http://nextconnect.blogspot.com
    Tuesday, December 15, 2009 10:43 PM
  • That sounds promising.  We're assuming the SID stays the same.  I'll give it a try and let you know how that goes.  Thanks.
    Wednesday, December 16, 2009 12:02 PM
  • > That sounds promising.  

    Better to come back when you have tested. Then you can mark the reply that gave you the solution as an answer or say if the reply didn't answer your problem. 

    This post just marks time and doesn't help me in the decision as to whether I should mark Up the previous post to Answer status.

    (Moderator)

    FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com
    Complete Book Lists (incl. foreign language) on each site.
    Wednesday, December 16, 2009 12:40 PM
  • The migrateuser command did the trick.  I did have to use -ignoresidhistory since it is just a renamed account.  Without it the error message "New user acount does not have valid SID history" is returned.  Based on the documentation I think that makes sense.

    The order of updates may matter, too.  It seemed like if I run the migrateuser command prior to the profile sync jobs running then the profile sync jobs didn't work.  I need to retest a few times to confirm to see if it may have just been something else I did differently. 

    I may also make use of the SPFarm.MigrateUserAccount Method since I'm already running a service to detect user id changes to keep some custom data in sync with SP and AD.

    Thanks for the help.
    Thursday, December 17, 2009 2:18 PM