User profile sync updating profiles?

  • Question

  • User profile service is set to do an incremental sync every Sunday by default. On Saturday I had, let's say, 10,000 users. On Sunday I have 10,200 users. I've checked a few of the properties of users that were in the system before, and their information did not update (such as email). Is it safe to say that since the number of users increased after the sync that it did actually sync, but that if information did not update in someone's existing profile then likely that information is not in AD to begin with? (I don't have access to view AD.)

    If this is not the case, do I need to do a full sync rather than an incremental?

    Tuesday, May 26, 2015 6:21 PM

Answers

  • Everyone has read access to AD by default. 

    So, you can easily verify that claim. 

    You can use "ADSIEDIT" tool to view the detailed properties of a user. You can also run a VB script to get that info.

    Below script (something I had handy) creates an XL Sheet (in the root of C drive, called ADusers.xls) with all users in AD. It outputs the attributes defined in the "strAttributes". You can modify that to suit your case.

    Copy and paste the script to a notepad and save it as something.vbs

    ' Export selected attributes of every AD user object to an Excel workbook.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strExportFile = "C:\ADUsers.xls"

    ' Search the whole default naming context for user objects.
    strRoot = objRootDSE.Get("DefaultNamingContext")
    strFilter = "(&(objectCategory=Person)(objectClass=User))"
    ' Attributes to export (one column each); edit this list to suit.
    strAttributes = "sAMAccountName,givenName,sn,telephoneNumber," & _
                    "initials,displayName,physicalDeliveryOfficeName," & _
                    "mail,wWWHomePage,profilePath," & _
                    "scriptPath,homeDirectory,homeDrive,title,department," & _
                    "company,manager,homePhone,pager,mobile," & _
                    "facsimileTelephoneNumber,ipphone,info," & _
                    "streetAddress,postOfficeBox,l,st,postalCode,c"
    strScope = "subtree"

    ' Query AD through the ADSI OLE DB provider, as the logged-on user.
    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")
    cn.Provider = "ADsDSOObject"
    cn.Open "Active Directory Provider"
    cmd.ActiveConnection = cn

    ' Paging lets the query return more than the server's default result limit.
    cmd.Properties("Page Size") = 1000

    cmd.CommandText = "<LDAP://" & strRoot & ">;" & strFilter & ";" & _
                      strAttributes & ";" & strScope

    Set rs = cmd.Execute

    Set objExcel = CreateObject("Excel.Application")
    Set objWB = objExcel.Workbooks.Add
    Set objSheet = objWB.Worksheets(1)

    ' Header row: one bold column title per returned field, taken from the
    ' recordset so the titles line up with the data written below.
    For i = 0 To rs.Fields.Count - 1
        objSheet.Cells(1, i + 1).Value = rs.Fields(i).Name
        objSheet.Cells(1, i + 1).Font.Bold = True
    Next

    objSheet.Visible = True

    ' Write all rows starting at A2, then save the workbook.
    objSheet.Range("A2").CopyFromRecordset rs
    objWB.SaveAs strExportFile

    ' Release the recordset, the connection and Excel.
    rs.Close
    cn.Close
    Set objSheet = Nothing
    Set objWB = Nothing
    objExcel.Quit
    Set objExcel = Nothing

    WScript.Echo "Script Finished..Please See " & strExportFile


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, May 26, 2015 7:56 PM
    • Marked as answer by Dean_Wang Thursday, June 4, 2015 9:17 AM
    Tuesday, May 26, 2015 7:04 PM
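
Added example (not part of the original answer or of any poster's script): a read-only PowerShell check that looks up only the accounts in question and compares the AD `mail` attribute with the SharePoint profile value, so no directory-wide export is left on disk. The account names, site URL, the `DOMAIN\user` account format and the `mail` to `WorkEmail` mapping are assumptions; run it in the SharePoint Management Shell as a User Profile Service administrator.

```powershell
# Added example: compare AD 'mail' with the SharePoint profile for a few users.
# Assumptions: account names, site URL and the mail -> WorkEmail mapping.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$accounts = 'jdoe', 'asmith'               # constructed sAMAccountNames
$siteUrl  = 'http://sharepoint.example'    # placeholder site URL
$domain   = $env:USERDOMAIN                # NetBIOS domain of the profiles

$context = Get-SPServiceContext -Site $siteUrl
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

foreach ($sam in $accounts) {
    # Look up one user and load one attribute instead of dumping every user.
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
    [void]$searcher.PropertiesToLoad.Add('mail')
    $hit = $searcher.FindOne()

    $adMail = $null
    if ($hit -and $hit.Properties['mail'].Count -gt 0) {
        $adMail = $hit.Properties['mail'][0]
    }

    # Read the value the profile store currently holds for the same account.
    $login  = "$domain\$sam"
    $spMail = $null
    if ($upm.UserExists($login)) {
        $spMail = $upm.GetUserProfile($login)['WorkEmail'].Value
    }

    if (-not $hit) {
        $verdict = 'not found in AD'
    } elseif (-not $adMail) {
        $verdict = 'mail is empty in AD: nothing for the sync to import'
    } elseif ($adMail -eq $spMail) {
        $verdict = 'in sync'
    } else {
        $verdict = 'AD has a value the profile lacks: check the mapping, then sync'
    }

    New-Object PSObject -Property @{
        Account = $login; ADMail = $adMail; ProfileWorkEmail = $spMail; Verdict = $verdict
    } | Select-Object Account, ADMail, ProfileWorkEmail, Verdict
}
```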

All replies

  • You rarely have to full sync (weekly is more than fine) in most environments. If you are just trying to get new user profiles synced then an incremental is fine.

    You can check the property mappings in the connection in the user profile service app to see if they are linked to AD and what fields they are linked to.

    Tuesday, May 26, 2015 6:58 PM
  • I am trying to get the existing profiles to update with relevant information that has been added to AD after the user was added to SharePoint. For example, the email field.
    Tuesday, May 26, 2015 10:31 PM
  • Well, since you mentioned you were not sure the info exists in AD, I gave you some options to find out.

    Nosh Mernacaj, Identity Management Specialist

    Tuesday, May 26, 2015 10:34 PM
  • Hi,

    Please check the user profile property mappings in SharePoint. Under Manage user properties you can check which properties are mapped for synchronization (‘Property Mapping for Synchronization’ is the section where you can check those).

    If the user property is not added you need to add the new mapping. Refer to the below link:

     http://www.egroup-us.com/2011/12/sharepoint-2010-map-ad-profile-attribute-to-user-profile-property/ 

    Friday, May 29, 2015 6:31 AM