SharePoint Stuff



SharePoint 2010 User Profile Synchronisation failing

Written by Luke Smith. Posted in Microsoft

ISSUE
====

After setting up the User Profile Service Application and configuring the synchronisation connection to your Active Directory, you receive the following error:

Log Name:      Application
Source:        FIMSynchronizationService
Date:          06/05/2010 11:19:05
Event ID:      6050
Task Category: Management Agent Run Profile
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ICS-SP-002.ics.local
Description:
The management agent “MOSSAD-ICS” failed on run profile “DS_FULLIMPORT” because of connectivity issues.

 Additional Information
 Discovery Errors       : “0”
 Synchronization Errors : “0”
 Metaverse Retry Errors : “0”
 Export Errors          : “0”
 Warnings               : “0”

 User Action
 View the management agent run history for details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider />
    <EventID Qualifiers="49152">6050</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-06T10:19:05.000Z" />
    <EventRecordID>1804</EventRecordID>
    <Channel>Application</Channel>
    <Computer>ICS-SP-002.ics.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>MOSSAD-ICS</Data>
    <Data>DS_FULLIMPORT</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>0</Data>
  </EventData>
</Event>

When investigating further using the MIISClient.exe tool located in “C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell”, on the Operations tab you also see the following error under (DS_FULLIMPORT)

Resolution
----------

Confirm that the service account used to run the Forefront Identity Manager Synchronization Service (FIMSynchronizationService) has the AD Security right of “Replicating Directory Changes” at the domain level:

  1. Open the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced Features.
  3. Right-click the domain object, such as “company.com”, and then click Properties.
  4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
  5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
  6. Click OK to return to the Properties dialog box.
  7. Click the desired user account.
  8. Click to select the Replicating Directory Changes check box from the list.
  9. Click Apply, and then click OK.
  10. Close the snap-in.

 NOTE: The “Domain Admins” group already has the above right; however, if you are still seeing this issue, add the service account explicitly to the AD Security.
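
To confirm the result of the steps above, the following PowerShell lists every principal that holds the right on the domain object and checks the service account explicitly. It is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the account name `COMPANY\svc-spsync` is a placeholder.

```powershell
# Added example: audit "Replicating Directory Changes" on the domain root.
Import-Module ActiveDirectory

# Assumption: placeholder name; replace with your synchronisation service account.
$ServiceAccount = 'COMPANY\svc-spsync'

# Control access right GUIDs (rightsGuid values from the AD schema).
# The "All" variant and the empty GUID are listed so that broader grants
# can be told apart from the single right this procedure adds.
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}

# Read the ACL of the domain object, the same object edited in the snap-in.
$DomainDN = (Get-ADDomain).DistinguishedName
$Acl      = Get-Acl -Path "AD:\$DomainDN"

# Keep Allow ACEs that carry the ExtendedRight bit for one of the GUIDs above.
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$Holders = $Acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $ExtendedRight) -and
    $Rights.ContainsKey($_.ObjectType.ToString())
} | Select-Object @{n='Principal'; e={$_.IdentityReference.Value}},
                  @{n='Right';     e={$Rights[$_.ObjectType.ToString()]}},
                  @{n='Inherited'; e={$_.IsInherited}}

# Full list, so unexpected principals holding the right can be reviewed.
$Holders | Sort-Object Right, Principal | Format-Table -AutoSize

# Explicit check for the service account. A grant received only through
# group membership shows up under the group name, not under this account.
$Match = $Holders | Where-Object {
    $_.Principal -eq $ServiceAccount -and
    $_.Right -eq 'Replicating Directory Changes'
}
if ($Match) {
    Write-Output "$ServiceAccount holds Replicating Directory Changes on $DomainDN"
} else {
    Write-Warning "$ServiceAccount has no explicit Replicating Directory Changes ACE on $DomainDN"
}
```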


Comments (3)

  • Isabela

    This helped us resolve our issue. Now I have a question: does this permission need to be granted in AD for the Farm account with every new install of SharePoint so that the UP can retrieve the Profiles?

  • Neil

    Presuming a one-off sync only, is there a way to import the selected OU from AD WITHOUT having SharePoint throw its weight around and start trying to force replication (which can create lots of traffic on large networks).

    Perhaps a PowerShell command?

    ta,
    n
