Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Profile database import issues

  Asked By: Ervin    Date: Aug 29    Category: Sharepoint    Views: 1883

I’m working on a custom LDAP query to import my users into my profile database. After having some issues, and then checking & testing my query against a recent article by Wayne Hall on Mindsharpblogs.com (MindsharpBlogs.com/.../497.aspx), I’m a little stumped.

Our company has a standardized login for employees, and contractors into our AD… basically a 1 or 2 character prefix followed by some digits. Using a custom LDAP query, this will help me rid the profile database of resources, groups, and other accounts within AD that I’m not interested in.

When I run my query using the command line LDIFDE utility, it works just fine and as expected (logged in with my AD account… also works fine when I login using the account that is set to access AD). However, when I enter the query in the Manage Connections page, I get the following error in the gatherer:

6/17/2005 7:20:00 AM Modify spsimport://[OUR DB SERVER]

The address could not be found, (0x80070005 - Access is denied. ) Access was denied on domain: ([OURDOMAIN]), and user information from the domain was not imported. Check the user name and password of the access account specified on the Configure Profile Import page. If incremental import is enabled and you are importing from a Windows 2000 domain, check that the access account has the Replicate Changes permission for Active Directory directory services.

What has me confused is I’m positive the SharePoint service account I’m using has access to query AD (as it runs just fine when I do a full import without using a custom source). Not sure where to look… AD, SharePoint… or where to find more info (no luck searching the SPS NNTP group or MSFT Support). Ideas?



4 Answers Found

Answer #1    Answered By: Agustin Miranda     Answered On: Aug 29

Are you sure sharepoint is pointing to the correct domain  controller? I think by default it tries to automatically discover the one to use… but you can specify a domain controller, as well as the port and the timeout.

Have you tried increasing the timeout? How long does the ldifde take to run? If it’s longer than 120 seconds, then increase your timeout.

Only other thing I can think of is to check  the event log of your domain controller and/or trace the packets to see if it’s even getting there.

Answer #2    Answered By: Arron Middleton     Answered On: Aug 29

The timeout isn’t an issue. It’s currently set  to 120s, but when I hit run  FULL IMPORT, let the postback take effect, and hit REFRESH right away, it comes back with “Access Denied” with the single error  listed in my original post.

I’ve also verified the controller LDIFDE hits is the same (both under autodiscovery and explicitly set) as a full import  from SharePoint.

The only two things that I can think of are to (1) check  the port (what port does LDIFDE run on?) and (2) get my AD guys to check the controller and see if there are any messages for denials within it.

Answer #3    Answered By: Vance Hardin     Answered On: Aug 29

I’m not positive what account  Sharepoint uses for profile  crawls. Are you sure it’s the SPS crawl account?

Did the event log on the DC tell you anything? (I’m guessing that since you mentioned “your AD guys” that implies that you don’t also have access  to the DC)

Answer #4    Answered By: Kareem Flynn     Answered On: Aug 29

The account  that SPS uses to populate the profile  database is specifiable in the Configure Profile Import page  (/_layouts/1033/SetImport.aspx). By default, SPS uses the default content access  account if one is not specified. I would try using an account that is a member of the domain  administrators group to see if that resolves the problem.

Didn't find what you were looking for? Find more on Profile database import issues Or get search suggestion and latest updates.