It seems no matter the number of SharePoint farms I’ve installed and configured, I never seem to breeze through the setup of User Profile Service like I hope. I am the type of person who believes in going for the latest and greatest, which is why I naturally tend towards the FIM-based User Profile Sync Service for connecting UPS to Active Directory. If you go into the User Profile Service Application configuration page, you will notice that option is available along side the good old AD Import method.
A newer way of doing the same thing must be better right? In this particular case, if you don’t require users have the ability to write back to their AD profile from SharePoint, then I think you would do yourself a favor to get nostalgic and stick to AD Import.
If you’re still reading, you must agree that AD Import is the way to go in your case. Like I said, that connection is both simple and well-covered by many other blog posts. What I want to do here is document the right combination of Windows services, SharePoint service, and SharePoint timer jobs to get you up and sychronizing cleanly.
Step 1: Turn Off Those Darn FIM Services
You don’t need them. Look in the Administration Tools of your server and open the Services console. Set both Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service to Disabled. (see below)
Step 2: Turn Off User Profile Synchronization Service
Open Central Admin > System Settings > Services on Server. Check each server in your farm to ensure User Profile Synchronization Service is not in any state other than ‘Stopped.’ (see below)
Step 3: Set Up Your Timer Jobs
Since you are already in Central Admin, go to Monitoring > Review Job Definitions. I’ve had success by setting User Profile Incremental Synchronization to ‘Disabled’ then scheduling User Profile ActiveDirectory Import Job and User Profile to SharePoint Full Synchronization jobs to run in a 5 minute offset from each other. In my case, I have User Profile ActiveDirectory Import Job set to run hourly between 5 and 10 past the hour, every hour. User Profile to SharePoint Full Synchronization is configured to run hourly at 12 to 17 minutes past the hour, every hour. For more information on specific Active Directory how-to’s, read Pirooz Javan’s post on Extending Active Directory and Integrating into SharePoint 2013.
This process isn’t terribly complicated, but I had been missing bits and pieces in my understanding of UPS until very recently. In this configuration, you will be reliably pulling in user profiles properties without any extraneous service taking up resources. Thanks for reading this and hopefully this helps somebody out of a jam.
Have any other useful tips about using either the FIM-based or AD Import method? Share your wisdom with us in a comment below! While you’re here, make yourself comfortable and check out our blog home page to explore other technologies we use on a daily basis and the fixes we’ve solved in our day to day work. To make your life even easier, subscribe to our blog to get instant updates sent straight to your inbox: