none
SharePoint 2019 - User Profile Sync not working RRS feed

  • Question

  • Good day,

    I have a 2019 on prem farm and the user profile sync is not working.  It stays at "idle" and never seems to get kicked off.  The only message in the logs is as followed:

    ScanDirSyncChanges: Exception thrown by Dirsync request: page 0, LdapServer '[DOMAIN CONTROLLER]', rootDn 'DC=dev,DC=[DOMAIN],DC=com', exception 'System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.    
     at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)    
     at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)    
     at Microsoft.Office.Server.UserProfiles.ADImport.DirSyncWrapper.ProcessChanges(ProfileConfiguration profileConfig, LdapConnection ldapConnection, UserProfileADImportMapping adMapping, String rootDn, Stopwatch externalTimeSpentInProfile, Stopwatch externalTimeSpentInDirectory, SPUserProfileADImportUsageEntry usage, Int32 loopCount, Boolean& fEventLogged, SearchRequest request, DirectoryControl pagingControl, List`1 itemsLeft)'

    I have checked the users access and they can browse the AD envornment I am trying to connect to the the account has 'Replicating Directory Change' rights.

    Any guidence is appreciated.

    Thank you,
    Hyde


    There is nothing more difficult to take in hand, more perilous to conduct or more uncertain in its success than to take the lead in the introduction of a new order of things.

    Tuesday, July 30, 2019 7:42 PM

Answers

All replies

  • Hi Hyde_311,

    The above log saying missing Replicate Drectory permissions clearly, make sure the Service Account you are using is correct. below article with same errorr:

    http://www.harbar.net/archive/2012/07/23/sp13adi.aspx

    Thanks & Regards,


    sharath aluri

    • Marked as answer by Hyde_311 Thursday, August 1, 2019 2:20 PM
    Tuesday, July 30, 2019 7:57 PM
  • Thanks for the reply.  I have checked with the AD team and they have assured me that the account has replication permissions.

    There is nothing more difficult to take in hand, more perilous to conduct or more uncertain in its success than to take the lead in the introduction of a new order of things.

    Tuesday, July 30, 2019 8:23 PM
  • Hi, Hyde,

    Have you checked the ULS log and event receiver? Is there any other information? 

    And you can have a check on this blog.

    Best Regards

    Jerry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, July 31, 2019 8:54 AM
  • Thank you everyone for the suggestions!  It turned out to be replication not turned on on the account.

    There is nothing more difficult to take in hand, more perilous to conduct or more uncertain in its success than to take the lead in the introduction of a new order of things.

    Thursday, August 1, 2019 2:20 PM