Search for Sharepoint Examples and Tutorials:   
Banner

Sharepoint Forum

Welcome: Guest!
Ask a question
Home » Forum » SharepointRSS Feeds

User Profiles syncing with AD

  
  Asked By: Erik Flores         Date: Jan 16, 2007      Category: Sharepoint      Views: 109

If a user object exists in AD and SPS is configured to import from AD,
profiles are automatically created for you and kept in sync. Ie, when
an attribute on the AD object is modified (Ie. department) then next
sync task, it will be imported to the profile.

The question I have is, I understand that when user objects associated
with profiles are DELETED from AD, SPS will attempt to sync the obejct 3
times and then flag the ad object as "unreachable".

What if the user object in AD is "DISABLED" though, instead of "DELETED"
? Will it still participate in sync operations or be considered
"detached"?

Does this makes sense?

Tagged:        

 

4 Answers Found

 
Answer #1       Answered By: Gretchen Stokes          Answered On: Jan 16, 2007       

I don't believe it treats it any differently. In other words, it will
find the AD object and update it.

Also keep in mind, that before Portal will mark the profile for
deletion, it has to complete 3 consectutive "FULL" crawls of the profile
database, and any incremental crawl will reset that counter. This is
slightly different than crawling other data, where an incremental does
not restart the 3 strikes and you're out counter.

 
Answer #2       Answered By: Angarika Shroff          Answered On: Jan 16, 2007       

I had no idea about the "incremental crawl"
resetting the counter.. this sure explains alot.

so by mixing fulls and incrementals together during the week (Ex.
M-Full, Tue-Inc, W-Inc, TH-Full, FRI-Inc) you are pretty much
guaranteed never to get any profiles in the "MISSING" category whethere
the account has been gone 3 days or 3 months?

 
Answer #3       Answered By: Eliza Hutchinson          Answered On: Jan 16, 2007       

Correct, Also check out Michael Bollhoefer's response he just made where
he provides an LDAP filter to filter out the disabled accounts

 
Answer #4       Answered By: Lesley Tate          Answered On: Jan 16, 2007       

You need to exclude disabled accounts or
rather include only active accounts through an LDAP filter on your
manage connections page for the profile import. The filter you will
need to implement is (&(objectCategory=person)(objectClass=user)( !
(userAccountControl:1.2.840.113556.1.4.803:=2))).

Further, the magic 3 imports is FULL imports not incremental. You
will need to do 3 full imports to exclude people into the missing
from import. Further, you might need to clean your profile manually
the first time to get all of the old accounts out.

sharepointinsight.com/.../Post.aspx?ID=3

 


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].
 

 
Hall of Fame|Facebook|Twitter|LinkedIn|Terms of Use|Privacy Policy|Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activity Log |  Interview FAQ |  Poll |  Hotlinks
Copyright © 2005-2011