After installing the Microsoft Identity Manager 2016 and ForeFront Identity Manager Connector for SharePoint User Profile Store, now we have to configure the Synchronization for SharePoint Server 2016. Please see my article on installing the MIM on SharePoint Server

In the previous version of SharePoint, we control the User Profile sync from the Central admin but in SharePoint 2016 it is the different story. This is kind of a manual process but simple, in which you have to setup a couple of Scheduled Tasks to run Full and Incremental Sync. You can create these tasks using the Script available on the GitHub site collection.

Before Starting

  • Microsoft Identity Manager 2016 Sync engine and ForeFront Identity Manager Connector for SharePoint User Profile Store should be installed. 
  • You should login on SharePoint Server with Farm Admin account with local admin rights. Without local admin, you will not able to run the sync. 
  • Domain Account which has SharePoint access should have the following AD details ready:
    • ForestDNSName: This is the DNS name of the Active Directory forest to be synchronized. i.e
    • ForestCredential: This is the username and password of the account that will be used to read objects from Active Directory. This account must have Replicate-Directory-Changes permissions in the Active Directory domain that is to be synchronized. For domains at the Windows Server 2016 functional level, it may also require Replicate-Directory-Changes permission to the configuration partition of the domain. This is the same kind of account which we used in the previous versions of SharePoint. i.e. Krossfarm\KFadSyncAccount
    • OrganizationalUnit: This is the distinguished name of the Active Directory container to be synchronized. You can add more containers after the configuration is loaded. To add more containers, use the Synchronization Service Manager GUI interface to modify the ‘AD’ management agent.
  •  Make sure the following SharePoint Connection details are ready:
    • SharePointUrl: This is the URL of the SharePoint Server running the User Profile Service application, this is Central Admin URL.  For example, http://KFAppServer:1234.
    • SharePointCredential: The username and password of the account used to connect with SharePoint User Profile. This account will read and write the object in SharePoint User Profile Store DBs i.e krossfarm\KFUPAdmin
    • SharePointSync.psm1 - Windows PowerShell module for deploying and starting the synchronization solution.
    • MA-AD.xml - This is the MIM management agent for Active Directory.
    • MA-SP.xml - This is the MIM management agent for SharePoint Server.
    • MV.xml - This XML file contains additional User Profile Synchronization configuration.
  • Place all downloaded files on MIM server i.e C:\SharePointSynchronization
  • User Profile Service is proper and External Identity Manager Enabled option selected under the Configure Synchronization Settings.

Configure SharePoint Central Admin

In order to configure the MIM sync with the User Profile Service, we have to configure the Synchronization settings.

  • Go to Central Admin > Application Management > Manage Service Application > click on User Profile Service.
  • On Manage Profile Service page, click on Configure Synchronization Settings.
  • Make sure Enable External Identity Manager is selected, Click OK.

Install the SharePoint Server Synchronization Configuration File on MIM Server

Now we will install the solutions files and configure the sync. Please place all downloaded solutions file in the same directory. 

  • Place all downloaded solutions file in a directory. 
  • Open the PowerShell Console (Run as Administrator).
  • In PowerShell console window, first import the SharepointSync.psm1 file
    • ### Load the SharePoint Sync Module
    • Import-Module C:\SharePointSync\SharePointSync.psm1 -Force
  • Now install the SharePoint Configuration Sync using the information which you collected initially.
    • ### Install the SharePoint Sync Configuration
    • Install-SharePointSyncConfiguration `
      -Path C:\SharePointSync `
      -ForestDnsName `
      -ForestCredential (Get-Credential Krossfarm\KFadSyncAccount) `
      -OrganizationalUnit 'ou=employee,dc=krossfarm,dc=com' `
      -SharePointUrl http://KFAppServer:1234 `
      -SharePointCredential (Get-Credential krossfarm\KFUPAdmin) `
  • Open Notepad, copy the script with your values and save the file as Sync.ps1
  • Now run that file.
  • It will ask you for a password for both accounts (ForestCredential and SharePointCredential).
SharePoint Sync Configuration is complete. Now time to run the  Sync.

Run Sync

  • If you want to see the impact of this synchronization, like what will be imported, you can preview it using the –WhatIF parameter with sync command.
Start-SharePointSync -WhatIf -Verbose
  • To start the Full Sync, run the following command.
Start-SharePointSync -Confirm:$false
  • To start the Incremental / Delta Sync, run the following command.
Start-SharePointSync -Delta -Confirm:$false
Note: If you close the PowerShell window, then you have to import the Sync Module Import-Module "C:\SharePointSync\SharePointSync.psm1" 
Note: If you will not use the -Confirm:$false parameter in your command then you have to make sure that watch the windows so that you can Press Y to allow the import of a profile in SharePoint. Otherwise, import will not complete. 

See Also

Please see the other part of this series.
  1. SharePoint 2016 User profile Service Step by Step: Installation of MIM 2016
  2. SharePoint 2016 User profile Service Step by Step: Configuration of MIM 2016
  3. MIM 2016 with SharePoint 2016 User Profile service: Import Custom Property from Active Directory
  4. SharePoint 2016 User profile Service and MIM: Apply the Connection Filter
  5. MIM with SharePoint Server 2016 User profile: Add more Active Directory Domain for Synchronization.