crawling New AD into SharePoint 2007 User Profile RRS feed

  • Question

  • Dear All,

    Network is building new AD in Exchange 2010 and migrating users from old AD to new one with having trust on both AD's initially.

    In SharePoint we get users form Old AD, and same users will be migrated to new AD. So facilitate we created one more connection in Central Admin --> User Profile and Services.

    And try to crawl the AD , for which we got the users from new AD to our user profile. Our service account is not getting migrated.

    1. Please if this is the correct procedure.

    2. In new AD network guys are putting some data in two of the unused fields/attributes in AD. Like one field is EmployeeID and one unused field.

    So when we crawl will there be any issue.Like is there any issue in schema 

    Please advise

    -- Kind Regards Sandeep

    Thursday, July 5, 2012 3:04 PM

All replies

  • Synchronizing with AD won't migrate the profiles and account information within SharePoint. To do this, you need to use the migrateuser stsadm operation. Since your AD team has created new accounts, I would suggest using the -ignoresidhistory parameter. Given a list of old user names (OLDDOMAIN\sandeep) and their new user names (NEWDOMAIN\sandeep) you can script this for all users.

    You will need to run this operation for all users in the farm after they begin using their new account (said another way: once they no longer need to log on using their old account).

    This will not update service accounts used by the farm. To do this, you will need to update the accounts manually. If the accounts already exist, you can do this at any time (during a maintenance window as you may lose connectivity to the farm as you update these accounts):

    • For the farm service account (used by the Central Administration web application pool and timer service) use the updatefarmcredentials stsadm operation
    • For the Windows SharePoint Search service use the spsearch stsadm operation (or restart the service in Central Administration)
    • For the Office SharePoint Search service, use the osearch stsadm operation (or restart the service in Central Administration)
    • For the crawl accounts edit the search service and content sources as appropriate
    • For the user profile synchronization account edit the AD connection (as you've done)
    • For application pools use the updateaccountpassword stsadm operation (or update from the Service accounts page in Central Administration -> Operations)

    If you're using other services like Excel Calculation Services, Business Data Catalog, or have custom solutions that use specific accounts you'll need to update these as well.

    Jason Warren
    Infrastructure Specialist

    Thursday, July 5, 2012 7:38 PM
  • Hi Jason,

    What if we keep both profiles like from old AD (OldDomain\user1) and from new AD(NewDomain\user1) in user profile.

    But when i added new import connection under User profiles in Central Admin and started the full import i do see users coming to user profile and they are able to access the site.

    Our Admin account is not migrating and network guys says they kept a trust between two forests for our admin account. But i do see some error in event viewer ,would this be related to profile import .

    Or network guys says there is mismatch in time sync between twp AD servers servers and they are restarting all servers to bring them in sync.

    Effect was that in sharepoint one link is target audience to AD group and user from new AD able to see the link..today cannot able to see the link..so started full import and user again able to see the link... 

    A runtime exception was detected. Details follow.

    Message: Cannot insert duplicate key row in object 'dbo.UserMemberships' with unique index 'CX_UserMemberships_RecordId_MemberGroupId_SID'.

    The statement has been terminated.

    Techinal Details:

    System.Data.SqlClient.SqlException: Cannot insert duplicate key row in object 'dbo.UserMemberships' with unique index 'CX_UserMemberships_RecordId_MemberGroupId_SID'.

    The statement has been terminated.

       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)

       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)

       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)

       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)

       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

       at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)

       at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()

       at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)

       at Microsoft.Office.Server.UserProfiles.WSSSynchSqlSession.SynchExecuteNonQuery(SqlCommand cmd, Boolean throwOnFail)

       at Microsoft.Office.Server.UserProfiles.WSSSynchSqlSession.SynchExecuteNonQuery(SqlCommand cmd)

       at Microsoft.Office.Server.UserProfiles.SiteSynchronizer.WriteChangeLogConsumed()

       at Microsoft.Office.Server.UserProfiles.SiteSynchronizer.Synch()

       at Microsoft.Office.Server.Diagnostics.FirstChanceHandler.ExceptionFilter(Boolean fRethrowException, TryBlock tryBlock, FilterBlock filter, CatchBlock catchBlock, FinallyBlock finallyBlock)

    Would there be any issue ..please advise as i am not SharePoint Administrator..

    -- Kind Regards Sandeep

    Saturday, July 14, 2012 3:46 AM
  • Are you running a full import or an incremental import for the user profile synchronization? I would try a full import to see if this resolves it and if not, check out Jasper Beerens' blog post:

    HI delmarvamonkey, contacted Microsoft who told me it was because of an
    old database that couldn't synchronise in the config database:

    discussed on the phone, here the link to the command for deleting unsynchronized


    IN your case, just use:
    stsadm -o sync -listolddatabases 1 to see
    the old databases,
    and: stsadm -o sync -deleteolddatabases 1 to delete the
    links in the config_DB.

    If you run these commands it should do it, but I
    haven't actually tried it on the production server as yet.

    I tried this solution and found that my problems disappeared and no futher errors occurred.

    Jason Warren
    Infrastructure Specialist

    Monday, July 16, 2012 2:19 PM
  • Hi Jason,

    Above Error was not coming when both Database and SharePoint Server is restarted by network guys as they were syncing all server for time difference.

    and full import is also working fine..but then i see some other error in SharePoint Server Event viewer as:

    Office SharePoint Server Search Under Operations

    EventType ulsexception12, P1 w3wp.exe, P2 6.0.3790.3959, P3 45d691cc, P4 system.web, P5, P6 4889ed13, P7 8895, P8 118, P9 httpexception, P10 82fh.

    For this we restarted the  Office SharePoint Server Search under Central Admin --> Operations

    And then we see error in user profile and Properties under Central Admin.

    Then we went to SharePoint Shared Services and right click on our Shared Service and click on edit and under index server we gave our server name and click OK..by this above error was not coming but after half an hour our SQl Server stopped responding and our Site was down .

    When we try to open SQL we see error ..so restarted the SQL Server and Site was up..

    Please advise would this be due to restart of Search Server..

    -- Kind Regards Sandeep

    Monday, July 16, 2012 3:27 PM
  • Restarting the search service should not cause the SQL Server to stop responding. I recommend checking the SQL Server error log and event log on the server to find any errors. If you still have questions about SQL Server, you should create a new post on the SQL Server Database Engine forum

    Jason Warren
    Infrastructure Specialist

    Monday, July 16, 2012 3:33 PM
  • Hi Jason,

    Thanks for your reply..

    By specifying index server in shared services ..would SharePoint consumes resource to build index..

    Pls advise on the error above:

    EventType ulsexception12, P1 w3wp.exe, P2 6.0.3790.3959, P3 45d691cc, P4 system.web, P5, P6 4889ed13, P7 8895, P8 118, P9 httpexception, P10 82fh.

    -- Kind Regards Sandeep

    Monday, July 16, 2012 4:17 PM
  • Well, yes. Building the index can postentially consume lots of resources and with MOSS dedicated index servers were a common design feature of a farm.

    Essentially the crawl will visit every piece of content in the site as fast as possible so there could be a considerable load on your server and the database server.

    Jason Warren
    Infrastructure Specialist

    Monday, July 16, 2012 4:31 PM
  • Hi Jason,

    Just confirmed with network guys and they said:

    They created new forest and they are saying they copied all users from Forest 1 to New Forest 2 with keeping SID history so a user in new domain will have new SID and his OLD SID also.

    We configured import connections in Central Admin and crawled the users which successfully came to user profile then we saw error coming as above but went away when they restarted the server to sync time for all servers.

    Now one error is not going which is :

    InfoPath Forms Services has detected a mismatch between the user's data in the browser and on the server. This may indicate the SESSION_STATE_PASCAL_CASED is not configured properly on a multiple front end farm or that a malicious user is trying to tamper with client data. (User: Doamin\testuser, Form Name: imprestv9, IP: , Request: http://sharepoint site/_layouts/Postback.FormServer.aspx, Form ID: urn:schemas-microsoft-com:office:infopath:imprestv9:-myXSD-2008-04-30T06-48-00)

    Please advise what would we can check and rectify..

    -- Kind Regards Sandeep

    Wednesday, July 18, 2012 8:54 AM