This is how I set up user profile sync for SharePoint Server 2010 Beta on my machine. You should not take this as an official guide, but the steps may help if you have been driven crazy. :)
You should also check out the TechNet article and the steps on our team blog first; they are more "official" and do not come from "another MS guy in the wild" like me. :)
[Update - we are considering gathering all the information and putting it back into the TechNet article, possibly with a video walkthrough and screenshots, and hope that helps. After that is done, I may remove the content here.]
The following steps were done on Windows Server 2008 R2, but they also apply to Windows Server 2008. The WCF fix for R2 and Win7 is not currently available to the public, but it will be released in the coming days here.
Technical Product Manager, SharePoint
Some great posts here. I've been following your instructions to the dot, but cannot get User Profile Sync to work.
I have a Hyper-V virtualized server running Win2k8R2 Enterprise as DC, with SQL 2008 Developer, and all the bells and whistles.
When you suggest to "rebuild farm", what does that actually imply?
Just to run PSCONFIG and create a new farm?
Rebuild means you need to run psconfig to remove the server from the farm. In my case, since it was the only server in the farm, it removed the farm. It would be good if you can also run SQL Management Studio to delete all the related databases. Then run psconfig again and recreate a farm.
The reason I suggested this way is because it is hard to troubleshoot problems and fix them when you have a (most likely) corrupted setup. Removing the Service Application and recreating it would not work, since FIM is already messed up.
Which account did you use? I suggest using the domain administrator to avoid possible problems. One of the key steps is, don't touch User Profile SA before you have user profile sync service fully started. If you didn't do that, it is highly possible only a rebuild would work.
When I created a user profile application service, I got this error:
Unrecognized attribute 'allowInsecureTransport'. Note that attribute names are case-sensitive. (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\profile\client.config line 34)
One thing more:
The job "ProfileSynchronizationSetupJob" finished, but my profile sync service is still “Starting”.
allowinsecuretransport only happens when you didn't apply WCF fix on Windows Server 2008 R2...
Great Post. Quick Question. How can I map the picture property URL to an existing site? I used to use a URL in a text field to map to in 2007 but it doesn't seem to work in 2010. Any clues would be appreciated.
I have managed to get this working with AD (eventually). But am stumped with LDAP.
First I'm trying with ADLDS, and then with Sun One.
Cannot figure either out. Any pointers?
For the life of me, I cannot get this to work for a domain trust scenario.
In our example, all user accounts are in forest x (x.company.com is the domain). Our farm (and all servers) are in forest y (y.company.com).
y.company.com trusts x.company.com.
When I set up the profile sync to pull from y.company.com, it works fine. But when I put in x.company.com, when I go to enumerate containers, it says "the object does not exist".
This works great in the exact same setup in MOSS 2007. I can't believe that we are the only people in the world who have an account forest and a resource forest.
Any suggestions as to how to configure SPS2010 with this type of a setup? We're dead in the water in our testing without being able to actually have user accounts, you know?
Just evaluating this for possible use in our organisation - very impressed so far with what I've seen.
User profile import is still giving me issues though. When I go to configure a connection I'm informed that the user profile sync job is running and to wait until it's finished. Nothing showing in the monitoring section as running. Still there after disabling the timer job completely and iisreset/server re-boots...
At #13 “An error has occ..." iisreset isn't solving that issue for me, are there any tips for that issue?
thx in advance ;]
CRITICAL STEP Between steps 10 and 11:
go to Manage Service Applications / User Profile Admin / Administrators --
Add the valid local and domain users to give full control permissions. This solved all my problems and allowed Jet Li's instructions to work flawlessly.
See this link:
CRITICAL STEP (CORRECTION) -- NEED To do the previous post between step 9 and 10.
Once that is completed you will be able to create the connection without permission errors. After that everything else works fine.
OK, well after starting all over and going through all the steps again, just to prove to myself that the above process is consistently repeatable, I found out that it seems that it is necessary to add the local machine admin account to the 'User Profile Application' administrators. Why? I have no idea, but as we know, it is Beta.
Jet, I followed the steps, however did not succeed in setting up profile synchronisation. Win2k8R2 Enterprise as DC, on which SharePoint is installed. I am facing an issue with FIMSynchronizationService; in the log it states:
The service encryption keys could not be found.
Verify that the service account has permissions to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service
If the problem persists, run setup and restore the encryption keys from backup.
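A read-only check for the condition that error message describes, added here as an example (it is not part of the original post or any comment): it finds the account the sync service runs as and lists the access rules on the registry key from the message. The service name `FIMSynchronizationService` is an assumption; substitute the name shown on your server.

```powershell
# Added example. Assumption: the service is registered as FIMSynchronizationService.
$serviceName = 'FIMSynchronizationService'
# Registry key quoted in the error message above.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service'

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on this machine." }
$account = $svc.StartName
Write-Output "Service account: $account   State: $($svc.State)"

if (-not (Test-Path -Path $keyPath)) { throw "Registry key not found: $keyPath" }

# Resolve the account to a SID so matching does not depend on name format
# (DOMAIN\user versus user@domain).
try {
    $sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
        [System.Security.Principal.SecurityIdentifier])
} catch {
    throw "Cannot resolve '$account' to a SID: $($_.Exception.Message)"
}

# Read explicit and inherited rules, expressed as SIDs for the comparison.
$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

Write-Output "All access rules on the key:"
$acl.Access |
    Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize

# Rules that name the service account itself (not a group it belongs to).
$direct = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value })
if ($direct.Count -eq 0) {
    Write-Output "No rule names $account directly; any access comes through a group listed above."
} else {
    foreach ($r in $direct) {
        Write-Output ("{0}: {1} {2} (inherited: {3})" -f `
            $account, $r.AccessControlType, $r.RegistryRights, $r.IsInherited)
    }
}
```

The script changes nothing; a Deny rule for the account, or no rule for it or for any group it belongs to, matches the condition in the log entry.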
I have followed your steps in their entirety; my sync with AD is working fine except it is not pulling the pictures in the AD.
Here is my issue: we have photos of all employees stored as xyz.jpg in the custom attribute (emp_pics_2001) with type string, but the picture URL type is URL (is this type change the culprit?). I am using the custom attribute to map the field in the SharePoint 2010 miis client.
I am using the below URL to do the setup: goodbadtechnology.blogspot.com/.../setting-up-pictureurl-user-profile.html
I did check the profile DB; the picture URL field is NULL. I have all the other values for the person except the picture. I do not know why Microsoft is making it harder in a few small things like this; I have already wasted more than 2 days figuring this out.
If I just get xyz.jpg pulled to SharePoint, then I can prefix a URL in front of it using PowerShell.
I am using a full trusted service account with full permissions to the domain
please help me out..