locked
problem with user profile syncronization export to ad RRS feed

  • Question

  • Hi,

    We are having trouble with the porfile property export with Sharepoint 2010.

    Importing with AD seems to work fine, but having trouble with exporting back to AD.  Exporting seems to only work once, immediately after the setting up the Sync database for the very first time.  properties are written back to AD however on the next incremental sync, user profile sync then removes the property from AD.

    The fact that it can updates properties and delete properties seems to indicated that the necessary permissions is in AD.  Monitoring FIM indicates that the moss delta import wont pick up any exported properties from sharepoint.  Doing a full sync and monitoring FIM shows that properties are picked up by full import, but subsequent delta import wont pick it up and removes the added properties.

    Anyone else seen this behaviour?We have the rereleased Oct 2010 CU installed.

    Saturday, November 27, 2010 10:43 PM

All replies

  • Hi et381,

     

    If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with. See Grant Create Child Objects and Write permission for instructions to grant this permission.

     

    For more information about how user profile sync works in SharePoint 2010, please refer to the following article:

     

    http://blogs.msdn.com/b/spsocial/archive/2010/05/04/conceptual-view-of-how-user-profile-synchronization-works-in-sharepoint-2010.aspx

     

    Hope this helps.

     

    Rock Wang


    Regards, Rock Wang Microsoft Online Community Support
    Monday, November 29, 2010 2:50 AM
  • Hi Rock,

    Thanks for the reply, we have read through those articles and can confirm that the permissions are there, because we can see it working once, stright after creating a new sync database and manually starts a Full Sync.  We can see the properties exported successfully exported into AD.  However, on subsequent incremental syncs, it actually send a request to delete the properties from AD even though the properties are still in the Sharepoint profile.

    We can see that in Forefront Identity Synchronization Service Manager, the job MOSS_DeltaImport is not able to read the exported values from Sharepoint, while the MOSS_FullImport job can.  We can't figure out why the MOSS_DeltaImport import job is not working, and would need some help on how to troubleshoot this.

     

    Thanks,

    Ed

    Monday, November 29, 2010 5:40 AM
  • Hi Rock,

    Some new findings that might help others.

    I am almost certain there is a bug with profile export with the October 2010 cumulative updates.

    Without changing any other permissions settings in SharePoint or AD.  I've done the following and user profile export is now working.

    On the WFE running the profile syncronization service.  In the folder C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Extensions, replace the files

    Microsoft.Office.Server.UserProfiles.ManagementAgent.dll
    Microsoft.Office.Server.UserProfiles.MetaverseExtension.dll

    with the files from the RTM release (From file version 14.0.5128.5000 back to 14.0.4756.1000), then manually kick off a FULL sync.  And the profile export started working.

    Can we report this to the product team.

     

    Cheers,

    Ed

    Monday, November 29, 2010 8:59 PM
  • Hi et381,

     

    I have reported this issue to our Product Team, they will confirm this issue. Please stand for the update.

     

    Thanks!

     

    Rock Wang


    Regards, Rock Wang Microsoft Online Community Support
    Tuesday, November 30, 2010 2:52 AM
  • Thank god someone else is having this problem. I'm not 100% sure it attached to the October CU though as this problem started approx 6 weeks ago for me. We were pushing photos and quite a lot of properties from SharePoint back to AD, so you can imagine my surprise when I noticed that lots of properties in AD had been wiped. Fortunately, photos didn't matter at this point, and we were using SharePoint for people search, so we were able to get by in the face of other priorities. I haven't been able to investigate it properly until the last couple of days as we are currently implementing Lync 2010 and needed the photo issue fixed. After many wasted hours, I finally came to the same conclusion as you that the MOSS_Deltaimport job was causing the error. As soon as I Googled the error, I came straight here. I am so relieved to find someone else having the same problem. I am going to try you suggestion with the dlls to see if I can get things working again.

    Please please please if this is actually a bug, can it be placed in the SharePoint blog as the clearing of properties in AD is a very serious issue. I am fortunate that the user profile application had copies of the data so I have been able to restore it back by running FIM jobs, but I'm sure other IT admins might panic and try to restore AD or Sharepoint and make the situation worse.

    Update: I have reverted Microsoft.Office.Server.UserProfiles.ManagementAgent.dll & Microsoft.Office.Server.UserProfiles.MetaverseExtension.dll to the RTM versions and everything works perfectly. I don't see any negative side effects at the minute, so hopefully this will be the end of it until the product team figures out what's going on. Thanks very much guys. You have finally helped me sort something that's been a real thorn in the side. Now our Lync clients look amazing with the little people populated!!!

    Andy

    Wednesday, December 1, 2010 2:05 AM
  • Looks like its still broken with the December 2010 cumulative hotfix.  Anyone else have issues with profile export and the cumulative updates from October 2010 onwards?
    Sunday, February 27, 2011 8:49 AM
  • This gave me two terrible days and sleepless nights, it's not trivial when the information disappears from corporate active directory. I don't think Microsoft even ran it once before releasing this update.

    Thanks a lot you guys, it worked for me straight away. I reverted the files back to version 14.0.4756.1000.

    btw I installed December 2010 cumulative updates on SharePoint Foundation and SharePoint Server.

    Wednesday, March 16, 2011 10:45 AM
  • Hi Rock,

    Some new findings that might help others.

    I am almost certain there is a bug with profile export with the October 2010 cumulative updates.

    Without changing any other permissions settings in SharePoint or AD.  I've done the following and user profile export is now working.

    On the WFE running the profile syncronization service.  In the folder C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Extensions, replace the files

    Microsoft.Office.Server.UserProfiles.ManagementAgent.dll
    Microsoft.Office.Server.UserProfiles.MetaverseExtension.dll

    with the files from the RTM release (From file version 14.0.5128.5000 back to 14.0.4756.1000), then manually kick off a FULL sync.  And the profile export started working.

    Can we report this to the product team.

     

    Cheers,

    Ed


    How do I get the dll files tha I need to replace? Do you download them somewhere?
    Monday, June 27, 2011 9:21 PM
  • Does anyone know is this issue being fixed in any CU, because I have the same problem.

    I curently have SP1 with  Dec 2011 CU installed 14.0.6114.5000

    Or is there any other workaround?

    Thanks

    Alex

    Wednesday, August 15, 2012 9:36 AM