4. SharePoint Profile Synchronization
This sync option relies on configuring
the User Profile Synchronization service. Readers familiar with
SharePoint 2010 will recognize this more involved process, described in
the following sections.
4.1 Configuring the User Profile Synchronization Service
The User Profile Synchronization
service is responsible for creating and provisioning the necessary
tools that enable synchronization. The following steps describe the
process. This example assumes you already have the User Profile Service
Application created; therefore, only one additional account is
required. The first step in the process requires configuring an Active
Directory user account that will be used to perform the sync. This
account needs to be granted “Replicating Directory Changes” permissions
on the domain. Here are the steps to do that:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the domain name in which the account resides, and select Delegate Control. Click Next, and then click the Add button.
3. Enter the account you want to use for the synchronization process and click OK.
4. Click Next, and then select Create a custom task to delegate.
5. Click Next again. Then, in the Permissions box, select the Replicating Directory Changes option.
6. Click Next, and then click Finish to close the dialog.
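One way to confirm that the delegation above left the sync account with only the intended right is to inspect the access control entries on the domain root. This is an added example, not part of the original text; the function name `Test-SyncAccountReplicationRights` and the `CONTOSO` accounts are hypothetical, and the sample ACEs are constructed so the script runs without a domain.

```powershell
# Added example: audit the replication rights a sync account holds on the domain root.
# Keys are the control access right GUIDs that appear in an ACE's ObjectType.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}

function Test-SyncAccountReplicationRights {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $AccessRules,
        [Parameter(Mandatory)] [string]   $Account
    )
    # Collect Allow ACEs that name this account and carry a replication right.
    $granted = @(foreach ($ace in $AccessRules) {
        $guid = "$($ace.ObjectType)"
        if ("$($ace.IdentityReference)" -eq $Account -and
            "$($ace.AccessControlType)" -eq 'Allow' -and
            $ReplicationRights.ContainsKey($guid)) {
            $ReplicationRights[$guid]
        }
    })
    $granted  = @($granted | Sort-Object -Unique)
    $required = 'Replicating Directory Changes'
    [pscustomobject]@{
        Account     = $Account
        Granted     = $granted
        HasRequired = $granted -contains $required
        # Anything beyond the single right the sync needs is over-delegation.
        Excess      = @($granted | Where-Object { $_ -ne $required })
    }
}

# Constructed sample ACEs (not real data): sp_sync is delegated as described,
# sp_old also holds the broader "All" right and should be flagged.
$sampleAcl = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\sp_sync'; AccessControlType = 'Allow'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\sp_old';  AccessControlType = 'Allow'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\sp_old';  AccessControlType = 'Allow'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
)

# With the ActiveDirectory module on a domain-joined host, read the real ACL instead:
#   $acl = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access

'CONTOSO\sp_sync', 'CONTOSO\sp_old' | ForEach-Object {
    Test-SyncAccountReplicationRights -AccessRules $sampleAcl -Account $_
}
```

The check covers only ACEs that name the account directly; rights the account receives through group membership need a separate review of those groups.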
You need to perform two other tasks to ensure that the User Profile Synchronization Service starts correctly:
- Ensure that the farm account is a member of the Local Administrators group on the server that hosts the synchronization service.
- Ensure that the farm account has been granted the “Allow log on locally” right in the Local Security Policy on the server that hosts the synchronization service.
At this point, you should reboot the machine that
is hosting the User Profile Synchronization service. After the server
reboots, navigate to Central Administration so you can begin the
process of starting the User Profile Synchronization service:
1. From the Central Administration home page, click System Settings.
2. Under the Servers section, click Manage services on server.
3. Using the Server drop-down at the top of the page, select the server that hosts the User Profile Synchronization service.
4. Find the User Profile Synchronization service and click Start. Figure 4
shows the resulting dialog. If the User Profile Synchronization Service
page has a red banner at the top stating “This can only be used if
SharePoint Profile Synchronization is enabled in the Configure
Synchronization Settings for this User Profile Application,” then
return to the section “Choosing a Synchronization Method,” and ensure
that you selected the SharePoint Profile Synchronization option.
5. Select the User Profile Service Application that will be associated with this sync service instance.
6. Enter the password for the farm account in both the Password and Confirm Password boxes, and then click OK.
At this point you’ll be redirected back to the
Services on Server page, where you will see that the status of the User
Profile Synchronization service is Starting. The service can take up to
10 minutes to start, so now would be a good time to take a break, grab
a beverage, or just catch your breath. If after 10 minutes you notice
that the status is still Starting or is now Stopped, don’t panic. Check
the ULS logs and the Event Log on the server for any relevant entries.
In general, if the process wasn’t successful, you will find one or more
entries in the logs that need to be addressed. After resolving any
errors, start the process again.