In part 2 of this series, I will show how to get the user profile synchronization running in SharePoint Server 2013. The series itself is divided into four parts:
Part 1 will show the environment used.
Part 2 shows the steps, when using the web interface.
Part 3 will show the creation of the user profile service application by using a PowerShell script.
Part 4 will show how to start the user profile synchronization by using a PowerShell script.
So, let’s get started: we will start and configure the user profile service application and the user profile synchronization from the Central Administration of SharePoint 2013.
In the Application Management in the Central Administration we open Manage service applications. From the ribbon select New and User Profile Service Application.
In the dialog enter the necessary information. For the My Site Host URL we enter http://my.mydomain.local, because this site collection is prepared for the MySite host. In the Site Naming Format we select “Domain and user name (will not have conflicts)”. When all data is entered, click <Create> to create the service application. After a few seconds we should get a message that the “Profile Service Application was successfully created”.
Next we switch to “Services on server” in the Central Administration to start the service instance for the user profile service application on both of our SharePoint hosts in the farm. This is simply done by clicking Start in the row of the “User Profile Service”. To start the instance on the second server, we have to switch the server.
At this point our user profile service application is running on two hosts, so we have fault tolerance for this service application.
Next we need to prepare the user profile synchronization. For this step, we have to grant the “Replicating directory changes” permission to the account that is used for the synchronization. In our case we use the farm account for this step. Follow the steps in http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx#RDCdomain to grant the permission to the farm account. When this is done, we make the farm account a local administrator on the machine where the synchronization service should run. In our case this will be the SharePoint host SP01.
When this is done, we restart the machine where the synchronization service should run, so that the permission changes become active.
When the machine is up and running again, we log in as the farm account.
We start the SharePoint Central Administration and switch to “Manage Services on server”. Scroll down to the line “User Profile Synchronization Service” and click “Start”.
The Service Account Name is prepopulated with our farm account. Enter the password for this account and click <OK>. We will be redirected to the Services on Server page and the “User Profile Synchronization Service” will have the status “Starting”.
At this point, be patient. It might take a while to get the service instance running. Click Refresh in the browser to get the current status. After a few minutes, the status should be “Started”.
Now, we have passed the difficult part of the whole process. Next we open the administration page of the User Profile Service Application and click the link “Configure Synchronization Connections” in the Synchronization section.
Click “Create New Connection”. Enter the necessary information in the fields. For the Account name use the farm account, because this account has the “Replicating Directory Changes” permission. When everything is entered, click <Populate Containers>. This will create a connection to the Identity Management System we selected and give us an overview of the identities. From the containers select the domain or organizational unit(s) you want to synchronize.
Click on <OK> when finished. When this is done, we can start a full synchronization. Open the administration page of the user profile service application. From the Synchronization section click the “Start Profile Synchronization” link.
Select the “Start Full Synchronization” radio button and click <OK>. This will activate and start the timer job to synchronize the profiles with all connections we have configured.
Remember: when you make any changes in the synchronization connections, or when you make any changes in the synchronization settings for any profile property, or when you add or remove a profile property, you have to run a full synchronization again.
How long this full synchronization will run depends on the number of profiles that should be synchronized. In this small demo environment with just four accounts in the synchronized organizational unit, it will finish after a short time.
Last but not least, we have to configure the timer job for the incremental synchronization. To do so, we click the “Configure Synchronization Timer Job” link in the user profile service application administration page. Configure this timer job to fit your environment. In most cases it is enough to run this job once a day or once a week.
Finally, don’t forget to remove the farm account from the local administrators group on the SharePoint host where the user profile synchronization was started.
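To confirm the end state of the two privilege changes made above (the directory permission stays, the local administrator membership goes), the following check can be run on the synchronization host. It is an added example, not part of the original walkthrough; the account name MYDOMAIN\spfarm and the English group name "Administrators" are assumptions.

```powershell
# Added example. Assumed values: adjust to your environment.
$FarmAccount = 'MYDOMAIN\spfarm'   # assumption: name of the farm account
$SyncHost    = 'SP01'              # host where the synchronization service runs

# Extended-right GUIDs as defined in the Active Directory schema.
# Profile import needs only the first; the second is reported so that an
# unintended broader grant is visible.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Get-ReplicationGrant {
    param([string]$Account)
    # Read the DACL on the domain root via ADSI (no RSAT module required).
    # Only ACEs naming the account directly are matched, not group grants.
    $dn    = ([ADSI]'LDAP://RootDSE').defaultNamingContext
    $root  = [ADSI]"LDAP://$dn"
    $rules = $root.psbase.ObjectSecurity.GetAccessRules(
                 $true, $true, [System.Security.Principal.NTAccount])
    foreach ($r in $rules) {
        $guid = $r.ObjectType.ToString()
        $isExtended = $r.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        if ($r.IdentityReference.Value -ieq $Account -and
            $r.AccessControlType -eq 'Allow' -and
            $isExtended -and $ReplRights.ContainsKey($guid)) {
            $ReplRights[$guid]
        }
    }
}

function Test-LocalAdmin {
    param([string]$Computer, [string]$Account)
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        # ADsPath looks like WinNT://MYDOMAIN/spfarm; convert to MYDOMAIN\spfarm
        $p = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        ($p -replace '^WinNT://', '') -replace '/', '\'
    }
    $members -contains $Account
}

$grants = @(Get-ReplicationGrant -Account $FarmAccount)
[pscustomobject]@{
    Account           = $FarmAccount
    ReplicationRights = $grants -join ', '
    HasRequiredRight  = $grants -contains 'Replicating Directory Changes'
    HasBroaderRight   = $grants -contains 'Replicating Directory Changes All'
    StillLocalAdmin   = Test-LocalAdmin -Computer $SyncHost -Account $FarmAccount
}
```

After the walkthrough is complete, HasRequiredRight should be True and StillLocalAdmin should be False.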
In parts 3 and 4 we will do the same steps using a PowerShell script.