User Profile not importing AD objects from a child domain.

Error.
=====

User Profile Import does not import any users and logs the following errors, even though the user profile account has been granted the Replicate Directory Changes permission.
Level: WARNING
Source MsiInstaller
Event ID: 1015
Message:
Failed to connect to server. Error: 0x80070005
The management agent “MOSSAD-AD Farm Users Connection domain.local” failed on run profile “DS_FULLIMPORT” because of connectivity issues.

Level: ERROR
Source: FIMSynchronizationService
Event Id: 6050

Additional Information
Discovery Errors : “0”
Synchronization Errors : “0”
Metaverse Retry Errors : “0”
Export Errors : “0”
Warnings : “0”

User Action
View the management agent run history for details.

Details
======
You review the permissions for the domain you are syncing user profiles from, and the user profile service account has Replicate Directory Changes defined.
The delegation steps are listed below:
1. Open ADUC (Active Directory Users and Computers)
2. Right Click the Domain DOMAIN.LOCAL, choose Delegate Control… click Next
3. Add DOMAIN\USERPROFILE, click Next
4. Select Create a Custom Task to Delegate, click Next
5. Select ‘This folder, existing objects in this folder….’ Click Next
6. Select the ‘Replicate Directory Changes’ permission and click Next
7. Click Finish

Further Information
================

To view the error in more depth, open MIISClient.exe on the server running the User Profile Sync. The application normally exists in the following path:

C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
Select the Operations tab.
Find the profile name DS_FULLIMPORT.
If you look at the Status you will normally see the status of ‘stopped-connectivity’. Double-click this operation to view the Connection Log.
In the Connection Log, review the error.

In this example the error is “Replication access was denied” with error code 8453.

The important column to note here is the Server and more specifically the domain.
In this example the domain is different from the domain you are syncing user profiles from; this is because the domain you are querying for user profiles is a child domain which is part of a larger forest, FOREST.LOCAL.

Resolution
=========

You will need to grant Replicate Directory Changes to DOMAIN\USERPROFILE on the FOREST.LOCAL Configuration container in order to import profiles. Run through the following steps:
1. Open ADSIEdit
2. Expand Configuration for abf.local
3. Right-Click CN=Configuration,DC=FOREST,DC=LOCAL
4. Select Permissions Tab, Click Advanced
5. Add DOMAIN\USERPROFILE, click Next
6. Select the ‘Replicate Directory Changes’ permission
7. Click OK
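
One way to confirm the delegation on both naming contexts, as an added example that is not part of the original post. The ACL entries are constructed samples that reproduce the failing state described above, `Get-ReplicationRight` is a hypothetical helper name, and it only matches ACEs granted directly to the account (not through group membership).

```powershell
# Added example, not from the original post; sample ACEs are constructed.
# Assumes PowerShell 3.0 or later. GUIDs of the replication extended rights
# ('Replicating Directory Changes' is the page's 'Replicate Directory Changes'):
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Get-ReplicationRight {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Ace,     # shaped like (Get-Acl "AD:\<dn>").Access
        [Parameter(Mandatory=$true)] [string]   $Account  # e.g. DOMAIN\USERPROFILE
    )
    foreach ($a in $Ace) {
        $guid = "$($a.ObjectType)".ToLower()
        if ("$($a.IdentityReference)" -ieq $Account -and
            "$($a.AccessControlType)" -eq 'Allow' -and
            "$($a.ActiveDirectoryRights)" -match 'ExtendedRight' -and
            $ReplRights.ContainsKey($guid)) {
            $ReplRights[$guid]   # emit the name of each replication right held
        }
    }
}

# Constructed ACLs: the right is delegated on the child domain (DN built from
# the page's placeholder name) but not on the forest Configuration container.
$acls = [ordered]@{
    'DC=DOMAIN,DC=LOCAL' = @(
        [pscustomobject]@{ IdentityReference = 'DOMAIN\USERPROFILE'; AccessControlType = 'Allow'
                           ActiveDirectoryRights = 'ExtendedRight'
                           ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' })
    'CN=Configuration,DC=FOREST,DC=LOCAL' = @(
        [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; AccessControlType = 'Allow'
                           ActiveDirectoryRights = 'GenericRead'
                           ObjectType = '00000000-0000-0000-0000-000000000000' })
}

foreach ($dn in $acls.Keys) {
    # For live data (needs the ActiveDirectory module) use instead:
    #   $aces = (Get-Acl "AD:\$dn").Access
    $held = @(Get-ReplicationRight -Ace $acls[$dn] -Account 'DOMAIN\USERPROFILE')
    $status = if ($held -contains 'Replicating Directory Changes') { 'granted' }
              else { 'MISSING (import fails with error 8453)' }
    # The procedure above needs only the plain right; flag anything broader.
    if ($held -contains 'Replicating Directory Changes All') { $status += '; broader than required' }
    '{0,-40} {1}' -f $dn, $status
}
```

With the sample data the domain line reports the right as granted and the Configuration line reports it missing, which is the state that produces the connection log error shown earlier.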