SharePoint User Profile Sync join attribute? RRS feed

  • Question

  • Hi,

    When setting up SharePoint User Profile Sync, the default Join attribute is:

    User profile property

    AD DS attribute



    Can we change this using the MIISClient to something like "employeeID" or "samaccountname"?

    Or will SharePoint override our settings and revert it to the original Join criteria?



    • Edited by Shim Kwan Thursday, July 16, 2015 10:35 PM
    Thursday, July 16, 2015 10:34 PM

All replies

  • Shim,

    You are right to be cautious. In general when FIM is packaged up for Dirsync or for SharePoint UPS it is configured through the wizard and any changes made through the MIISClient are subject to be overwritten the next time the wizard is run or an upgrade is performed. For dirsync there are a few supported exceptions.

    AFAIK, SharePoint won't overwrite your settings until the Wizard is run again or you patch SharePoint UPS.

    What is your goal?

    In FIM once records are joined they don't get un joined if you change the Join criteria (it isn't like a SQL View where changing the Join clause alters which records show up) it will change how things are joined going forward.

    So if this is just a need to get over some initial hurdle then it would be safe to add a join rule using that criteria rather than changing the existing join rule and then run some imports and syncs (manually) to get the joins you want and deal with any duplicate join attempts. Then you could delete your new join rule.

    David Lundell, Get your copy of FIM Best Practices Volume 1

    Friday, July 17, 2015 12:14 AM
  • Thanks David.

    During a recent migration, OU's were consolidated into one, which meant users' DN had to change from CN=firstname lastname to CN=samaccountname (as samaccountname is unique).

    This means SPS deletes and recreates the user profile, since the Join is on the DN.

    We are testing to avoid this recreation, and thought a different Join (like on samaccountname) would avoid this.


    Friday, July 17, 2015 5:37 AM
  • Then you could add a join rule since your intent is for it to be temporary. Although as long as the records are still joined in FIM the DN changing won't affect it as FIM uses the AD GUID and then internal GUIDs it generates for each object and keeps track of its own linkages.

    David Lundell, Get your copy of FIM Best Practices Volume 1

    Monday, July 20, 2015 8:49 PM