Go 4 Sharepoint

Search:

Welcome: Guest!

Sharepoint Forum

Home » Forum » Sharepoint

Ask a question

RSS Feeds

Profile database import issues

Asked By: Ervin Pickett Date: Aug 29, 2005 Category: Sharepoint Views: 688

I’m working on a custom LDAP query to import my users into my profile database. After having some issues, and then checking & testing my query against a recent article by Wayne Hall on Mindsharpblogs.com (MindsharpBlogs.com/.../497.aspx), I’m a little stumped.

Our company has a standardized login for employees, and contractors into our AD… basically a 1 or 2 character prefix followed by some digits. Using a custom LDAP query, this will help me rid the profile database of resources, groups, and other accounts within AD that I’m not interested in.

When I run my query using the command line LDIFDE utility, it works just fine and as expected (logged in with my AD account… also works fine when I login using the account that is set to access AD). However, when I enter the query in the Manage Connections page, I get the following error in the gatherer:

6/17/2005 7:20:00 AM Modify spsimport://[OUR DB SERVER]

The address could not be found, (0x80070005 - Access is denied. ) Access was denied on domain: ([OURDOMAIN]), and user information from the domain was not imported. Check the user name and password of the access account specified on the Configure Profile Import page. If incremental import is enabled and you are importing from a Windows 2000 domain, check that the access account has the Replicate Changes permission for Active Directory directory services.

What has me confused is I’m positive the SharePoint service account I’m using has access to query AD (as it runs just fine when I do a full import without using a custom source). Not sure where to look… AD, SharePoint… or where to find more info (no luck searching the SPS NNTP group or MSFT Support). Ideas?

Tagged:profile database import issues

4 Answers Found

Answer #1 Answered By: Agustin Miranda Answered On: Aug 29, 2005

Are you sure sharepoint is pointing to the correct domain controller? I think by default it tries to automatically discover the one to use… but you can specify a domain controller, as well as the port and the timeout.

Have you tried increasing the timeout? How long does the ldifde take to run? If it’s longer than 120 seconds, then increase your timeout.

Only other thing I can think of is to check the event log of your domain controller and/or trace the packets to see if it’s even getting there.

Answer #2 Answered By: Arron Middleton Answered On: Aug 29, 2005

The timeout isn’t an issue. It’s currently set to 120s, but when I hit run FULL IMPORT, let the postback take effect, and hit REFRESH right away, it comes back with “Access Denied” with the single error listed in my original post.

I’ve also verified the controller LDIFDE hits is the same (both under autodiscovery and explicitly set) as a full import from SharePoint.

The only two things that I can think of are to (1) check the port (what port does LDIFDE run on?) and (2) get my AD guys to check the controller and see if there are any messages for denials within it.

Answer #3 Answered By: Vance Hardin Answered On: Aug 29, 2005

I’m not positive what account Sharepoint uses for profile crawls. Are you sure it’s the SPS crawl account?

Did the event log on the DC tell you anything? (I’m guessing that since you mentioned “your AD guys” that implies that you don’t also have access to the DC)

Answer #4 Answered By: Kareem Flynn Answered On: Aug 29, 2005

The account that SPS uses to populate the profile database is specifiable in the Configure Profile Import page (/_layouts/1033/SetImport.aspx). By default, SPS uses the default content access account if one is not specified. I would try using an account that is a member of the domain administrators group to see if that resolves the problem.

Didn't find what you were looking for? Find more on Profile database import issues Or get search suggestion and latest updates.