SharePoint Notes

Bleeding on the cutting edge …

Syncing WSS and MOSS User profile properties with Active Directory

Posted by Christian Dam on May 5, 2008


Have you ever experienced that the properties from the Shared Services User Import are not correctly replicated to your existing sites?

Let me illustrate! From a “clean” MOSS installation with user profile import correctly configured, when you from the Welcome drop down list choose My Settings all you see is this:

If you look at the same account in the Shared Services Provider, it also has no properties:

This is expected at the user account in Active Directory also has no properties set. Let’s enter some:

After having run a full import the MOSS profile is populated with the properties from Active Directory:

So far so good, right? Almost! The My Settings information is still not reflecting the changes. 

Rachel explained this in the MSDN forum:

“There are actually 2 user profiles – one is a WSS profile and one is a MOSS profile. The WSS profile you access from Welcome user > My Settings page. The MOSS profiles are created when users are imported into the system from AD or LDAP. They are access from People Search or from a link off of your MySite.

The reason there are 2 is that you can install WSS without MOSS and they wanted a basic user profile. If you installed WSS without MOSS, you would see the profile (again, accessed through Welcome user > My Settings page) with about 3 properties.

If you install MOSS, do an import, and go to the WSS profile, you’ll see a bunch of properties added that MOSS adds. We now depricate the WSS profile. If you want to add property values to your profile, you need to go to your MOSS profile from your MySite (MySite > Details). You’ll be on the editprofile.aspx page. Add your properties. We then sync your properties to the WSS user list. You will see the values show up on the WSS profile after the sync happens.”

So the question is how to to force the replication?

Well, two MOSS Timer jobs per Web Application apparently control the replication. If you take a look at the Timer Job definitions (Central Administration -> Operations -> Timer Job definitions), you’ll find jobs called Profile Synchronization and Quick Profile Synchronization. These jobs should sync the changes to the WSS profiles. Unfortunately simply wait for the jobs to run aren’t good enough. However, a server reboot will make the synchronization happen. It is a bit drastic to reboot the server simply just to force MOSS/WSS to update a property update!

To make a long story short, use stsadm -o sync to force the property sync:

  • -o -synctiming changes the Profile Sync job
  • -o -sweeptiming changes the Quick Profile Sync job

I have gotten the best results by changing the schedule for the Profile Sync job to run every couple of minutes (stsadm -o sync -synctiming m:2). This may not be appropriate in a production environment with a large user population, though.

Update:

A great post explaining variuos aspects about user profiles and how they relate can be found here. Another great post about the sync jobs and user profile properties can be found here.

Update 2:

As stated by a few people in the comments, the trick with changing the synctiming and sweeptiming settings does not always work. I had the same issue at a customer site recently where not matter what I did, the profiles wouldn’t sync. I event tried to restart the Timer Job Service and the entire server farm, as I seen it work in other situations. Unfortunately, it didn’t work either.

However, the problem was solved using the stsadm -o sync -listolddatabases <n> and stsadm -o sync -deleteolddatabases <n> commands. The listolddatabases <n>option will list the databases that have not been successfully syncronized the last <n> days, and the deleteolddatabases <n>option will delete the syncronization information from the databases that are not successfully syncronized the last <n> days. Have no fear, using the deleteolddatabases option will not delete the content databases.

Afted having deleted the old sync information I forced the timer jobs to run as described above, and the syncronization completed successfully.

If you are having sync issues, chances are that error messages are showing up in the event log. Rodney Langley has a great post we he talks about similar issues as described in this Update here.

Advertisements

87 Responses to “Syncing WSS and MOSS User profile properties with Active Directory”

  1. Aron said

    Hy Christian

    My quuestion ist, that when I start a full profile import it syncs only the user’s profiles from this users they where added in sharepoint or import this job all the users from the defined AD?

    Thanks for your answer

    Aron

  2. Hi Aron,

    the profile import in the SSP will import all AD users that are part of the import query. By default that is all users in the AD.

    The syncronization for the sites will sync the properties (user names, department etc) to the site users. It will add all AD users to each site, if that is what are worried about.

    Hope this helps.

    Cheers,
    Christian

  3. gbelzile said

    Hi,
    Is it possible to only use the wss profile on a moss setup? Is there a way to disable the profile management in shared services to use it as if it was only a wss site?
    Thanks,

    G

  4. Gbelzile,

    not sure I understand the business reason behind what you are trying to accomplish. The profile import is not configured by default – why not just leave it unconfigured?

    Cheers,
    Christian

  5. saurabh said

    Hi,
    I have create some class/Attribute in ADS(Active directory) and attach all those class the the user in ADS.

    now how can i import the profile from ADS with those attributes also
    and how to automate the sync process

    thanks
    Saurabh

  6. Yee Haw said

    Hi,

    I had did full import from AD(Active Directory) and Shared Services Provider user profile can get the updates data. Again i did “stsadm -o sync” in the command prompt.
    But when i go to portal site > “people and groups” to view each user profile, there are not update here. Why??

    Thanks.

  7. Yee Haw,

    it can take a while before the changes are synched from the SSP database to the individual sites. I have seen lags of several hours, even though you use the “stsadm -o sync” command.

    Cheers,
    Christian

  8. Gary Boerner said

    SSP profile properties (MOSS Profile) will not transfer down to a WSS profile until the ProfileSynchronization timer job has ran. This by default is on the hour. This can be altered with the following stsadm command:

    stsadm -o sync {-ExcludeWebApps | -SyncTiming | -SweepTiming | -ListOldDatabases | -DeleteOldDatabases }

    I used: stsadm -o sync -synctiming m:5 to have this timer job run every 5 minutes. This should only sync the properties from the MOSS profile to the WSS profile whose tp_IsActive property in the UserInfo table of the content database of the WSS site is true. You should be able to look at the UserInfo table of the WSS content DB to look this property up as well. ( I believe 0 = false, 1 is true). I am not exactly certain how this property is changed to true for being active though yet. By default, I believe this is set to false.

  9. Gary Boerner said

    Also, stsadm -o sync only runs the QuickProfile timer job. I have not figured how to run the Profile sync timer job specifically with an stsadm command without just changing how often it runs.

    Cheers.

  10. nitesh said

    Hi ,

    Can we synch user profile in between AD and MOSS , I mean AD ==user profile==> MOSS.
    Now user update his/her profile in MOSS so MOSS == updated user profile==> AD?

    Thanks in advance.

    Nitesh Dobariya

    • Tyree Ballard said

      Did you get any futher with the “MOSS == updated user profile==> AD”? I’m implementing a MOSS 2007 environment and this would be helpful.

  11. Nitesh,

    no, the sync is one way from AD -> MOSS. As far I can tell you need custom development to update AD properties when the MOSS properties change. The MOSS profile also exist even if you delete the user in AD, although it become marked as inactive after a while.

    Cheers,
    Christian

  12. amila said

    I want to allow all AD accounts to have access (read) to MOSS setup. I used add all authenticated users to the home visitors group. (Now it shows as NT Authority\authenticated users ). However when I add a new account to the AD and then after doing a full profile import, still this new user cannot access the site. When i manually add this account to the same group only it gives access.

    Once he accessed the site, i removed the account from the group manually. So now again the mmebers are all authenticated users. But this time he can access the site.

    Does this mean that we need to add a aprticualr user manyally?

    appreciate your comments

    thanks
    amila

  13. Amila,

    I would normally not add authenticated users as a group but instead add the Domain Users group. Importing user profiles will not impact which users are allowed to authenticate, so I think the problem you are having with adding users are caused by something else.

    Cheers,
    Christian

  14. amila said

    I added both authenticated users as well as domain users in to the visitors group (that has view rights to all sites). However still a new user account created in AD doesn’t have access, until i add that manually to the visitors group.

  15. Amila,

    this sounds very weird indeed… All I can think of is that either 1) your user not member of the domain users group, or 2) there is a Policy for Web Application (in Central Administration) that is blocking access to one the groups.

    Cheers,
    Christian

    • panoone said

      Hi Amila, we had exactly the same problem but onloy on one of our site collections that was provisioned with its own database. No one could resolve it and it just fixed itself one day.

      We now have the same problem again with two new site collections – and they’re all in the same web app!

      …waiting patiently to see if it fixes itself again. 😦

      Definitely some weird trust/synch issues going on.

  16. Cristina said

    Hi Christian,

    I have an issue regarding profile deletion. There is one person in the company leaving, so her user in the LDAP is going to be deleted. What will happen with for example the comments she wrote in multiline text field with “append text” enabled? or the things that were created by her?

    Thank you.

  17. Cristina,

    I am not quite sure. Since SharePoint have no knowledge about the user repository where the user validates I would extect noting happens as long as the user account is not deleted from SharePoint. If the user account is also added to the user profile database in Shared Services the account will be marked as inactive after a while and eventually pruned (I think), but it should not affect the comments or other things created by her.

    To be sure, it should be easy to test what happens 😉

    Cheers,
    Christian

  18. Igor Schulz said

    Hi Christian,

    does it possible to synchronize only one or two user profiles?
    I have only two users to synchronize and I want to beware the other user profile from synchronisation.

    Thank you.

  19. Tp said

    Hi There,

    I updated a users email address. I see the changes in SSP but not in the Content DB’s. I have the profile job and the quick profile sync job run every hour. The email address change was done yesterday, but I don’t see the changes in the content db until now. I have changed so many email addresses before and it all worked fine. Suddenly it stopped replicating the changes. I remember I did the last email changes successfully about 15 days back. Can anyone please guide me where it could be causing the issue and how to make the email IDs sync up. The User profile in the SSP looks fine, but when I try to add the user to the “People and groups” add users–> it displays his old email id. Please help!

    Thanks,
    tp

  20. Hi Igor,

    sure – you can use the User Filter to only import the users you want. Suppose you only want to import Administrator and Bob, your string will look like this:

    (&(objectCategory=Person)(objectClass=User)(|(cn=Administrator)(cn=Bob)))

    Scott Wheeler has a good list of common filters here: http://sharepointsherpa.com/2008/03/14/sharepoint-2007-ldap-user-filters-for-limiting-user-profile-import/
    Also, check out the Search Filter Syntax on MSDN: http://msdn.microsoft.com/en-us/library/aa746475.aspx

    Happy New Year,
    Christian

  21. Tp,

    I’d start with deleting the old sync databases as described in “Update 2” in the post and force the sync again.

    Happy New Year,
    Christian

  22. Tamara said

    Hi Christian,

    I’ve got a question concerning AD sync with WSS3.0. As a WSS installation does not offer the MOSS SSP features where I can define a sync with the AD, is this nevertheless possible? I’ve been through different sites and blogs, but haven’t found a reference on how to tell WSS to get the users from an AD.
    If it is not possible – how do I grant access to a large amount of users to the WSS sites I’ve created?
    Appreciate your help on this issue.

    Thanks,
    Tamara

  23. Tamara,

    Profile sync and user access are two different things. You do not need the SSP functionality to add a Active Dirctory group to a WSS site. Simply add the group as you would add a normal user: People and Groups -> New -> Add User.

    And no, you cannot import users from Active Directory or any other user reposity in WSS

    Cheers,
    Christian

  24. Tom said

    Christian;

    Along the same lines as the question posted by Tamara (#23). I added the AD group DOMAIN\DOMAIN users to the People and Groups part of WSS. Now I have a complete list of all domain users under Peopl and Groups: All People. I did this when first installing WSS. Since then there have been several user accounts that have been removed from AD. However they still remain in WSS. Any way to remove these deleted users from WSS? Also, some of the account information in AD (mainly title) has been changed for a few users and does not show in WSS. This information doesn’t snyc?

    Thanks!
    Tom

  25. Mike S said

    WSS 3.0 question, when we make changes to users in AD how can I update WSS user profiles?

    I have WSS 3.0 running for our Intranet using Windows authentication, all users first logon to the AD domain so they do not log on to WSS. For the entire site the “SiteX Members” group contains an AD group (DOMAIN\domain users) so all of our users can access it. When users log in for the first time some AD information is added to their WSS User Information entry (e.g their Title and Email etc). If I make changes to a user in AD how do we update WSS? If a users title gets changed WSS doesn’t pick that up

  26. Good Day, We have followed the information from this post and our AD is imported to MOSS Profiles and is also successfully replicating through to the WSS Profiles as well.
    Specifically we have a “Company” field in AD which is now correctly displaying (in WSS Profiles) and populating with the value from the MOSS Profile (imported from AD).
    The challenge we are having is we want the same field and value to appear on other lists (without needing to click the username to view the WSS Profile “_layouts/userdisp.aspx”).
    For example we want this Company field to display on “servername/_layouts/people.aspx”.
    Which is really populated from “/_catalogs/users/simple.aspx”.
    I have attempted to add a new site column using “Company” from the Core Contact and Calendar group and I have attempted to create a custom column pulling Company from “All Users” (radio button choice on the new custom column page.
    Neither if these columns populate with a value when added to a list such as “_layouts/people.aspx”.
    How can I get this Company field to display on list pages such as “_layouts/people.aspx”.
    We are launching this site soon so I am praying you are still monitoring replies?
    Thanks so much for your attention to this question

    • Gordon Johnston said

      Hi John,

      Did you ever get an answer to this?

      I am facing a similar problem of gettin Manager to come through tfom AD and display in the people.aspx list.

  27. Bryan said

    Hello,

    I have just read through this thread and i see very similar problems to the ones i am facing. Let me explain my situation and setup and hopefully there will be some tips.

    We have 2 ssp’s that host multiple web applications, however there are only two that i care about, one web app in each SSP. I have created a synch job to occur between AD and MOSS’s SSP user profile. This runs successfull and i have completed the full import of 5000 users. Incremential jobs and changes in AD are reflecting in MOSS’s SSPs as well.

    the problem is that the job is NOT synching with the web applications. So if i go to one of the site collections, all people, and click on the name none of the information is coming down.

    I have used a tool from codeplex called “User Profile Sync” but this only works for one SSP and web application, not to montion a less than desired method to make this happen.

    I HAVE completed the -listolddatabases (which comes up clean) and -deleteolddatabases (nothing to delete) with out helping. Further, i have set the timing from one hour to 5 minutes…. several days pass with no changes. Timing is not an issue either as i have tried many different times.

    So the sync between MOSS and the Web Application is failing, bottom line. We do not have MySites enabled nor do we want them at this time. I have no desire for users to update their information either. I just want the synch from AD to MOSS (works now) and then to the site collections/web apps (this is broke) to work.

    I have been working with MS for weeks on this with no success. Any ideas is appreciated. Thanks

    bryan

  28. All,

    first, let me appologyze for not replying sooner but I and in the middle of a migration project from SharePoint 2003 to MOSS 2007 that is taking up all of my time.

    However, I share your pain! Two of my customers are facing the exact same problems that you are all describing I am also failing to get the sync to work properly. Obviously, I have tried the steps in the original post, but nothing seems to work. I cannot get the propertiesto sync from the SSP to Web Apps.

    I have started a case with Microsoft, but sofar it hasn’t helped, but I’ll share their suggestions, anyway:

    ==== MS mail snippit start ===

    Please Go to Central Administration > Operations > Timer Job Definitions and make sure all of “Profile Synchronization” and “Quick Profile Synchronization” shows “Minutes” and not “Hourly”

    Clear config cache by doing the following:

    1. Net stop sptimerv3
    2. Take a backup of C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config\ and delete all files except for cache.ini
    3. Open cache.ini and change the value to 1 and save and exit the file
    4. Net start sptimerv3
    5. Now you will see C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config\ starts populating the XML files in the folder
    6. Wait till you confirm the population is over and SharePoint timer service is no longer creating new files (sort by date modified)
    7. Wait for 1 more minute after all files are populated
    8. Go to Central Administration > Operations > Timer Job Status and ensure “Profile Synchronization” and “Quick Profile Synchronization” are updated last minute
    9. Now open the People and Groups to see if the users are updated

    Some known issues:
    953131 When user account information is changed in Active Directory Domain Services (AD DS), the User name and Account name information is not synchronized correctly after you import a profile in SharePoint Server 2007

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;953131

    ==== MS mail snippit end ===

    Thanks for posting. Please keep sharing thoughts and ideas!

    Cheers,
    Christian

  29. Bryan said

    I also have a case opened with them as well. However, for weeks they cant figure it out. My guess is that we may have stumbled on a bug in the product where multiple SSP’s and Unique AD sync’s fail. I know it seems rather apparent this should be supported….. but if you have been working with this product for a while this should come of no suprize to you. Very frustrating to say the least.

    They had me do the same things with clearing the sync cache as well. Nothing worked there either. Let me know if you find a solution, work around, or 3rd party tool that does the trick. I am running a codeplex tool as well with no luck. However, it works with one SSP and Web App but not the others.
    http://userprofilesync.codeplex.com/

  30. Bryan said

    would it be beneficial to exchange our case ID numbers? Probably working with the same people. LOL

    • I doubt it – I am working with Microsoft in Sweden, I think.

      They sent me a link this post the other day, so I am not sure we will be getting anywhere 😉

  31. kassem said

    hello all,

    thanks for your nice ideas. i had a problem i wish i can find a solution for it with you. i have a MOSS site and i added my users from Active Directory. the problem is that when i add a property to a user ( for example: email address or work phone or department etc.. ) i cant find this change in the people and group part in the MOSS site. please anyone have any idea about that how can we do it . its important for me.

    Thanks you.

  32. kassem said

    thanks for your reply, another question in the same scope. if i did sync in SSP .. can i add the proiles from SSP to People and Groups in my MOSS Site ?

  33. Bryan said

    I finally fixed this issue on my servers. Took a long time but wanted to post this as this could be a similar issue. At least it helped me.

    Question. Do you have .net 3.5 sp1 installed? If not have you ever? Either way this seems to be the root cause of the issue. In my case i rolled back but just having that installation exist at one time was the problem. Do you notice any strange behavior in Search Administration within the SSP’s? This was my first clue.

    Steps to identify the possible issue.
    1. Run SSLDiag tool (http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en)
    2. See if there are alerts on the IIS web site “Office Server Web Services”
    3. If there are you will have to run SelfSSL on each of your servers….

    Change Cert
    1. Stop the Windows SharePoint Services Search service. To do this, follow these steps:
    a. Click Start, click Run, type cmd , and then click OK.
    b. At the command prompt, type net stop osearch, and then press ENTER.
    c. Type exit to exit the command prompt.

    2. Download and install the IIS 6.0 Resource Kit Tools. To obtain the IIS 6.0 Resource Kit Tools, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?familyid=56FC92EE-A71A-4C73-B628-ADE629C89499
    (http://www.microsoft.com/downloads/details.aspx?familyid=56FC92EE-A71A-4C73-B628-ADE629C89499)
    3. On each server in the farm that has Office SharePoint 2007 installed, follow these steps:
    a. Click Start, click Run, type cmd , and then click OK.
    b. At the command prompt, type

    Selfssl /s:(IIS ID of the Office Server Web Services site) /v:(length of validity for the certificate in days – e.g. 1000)

    4. Start the Windows SharePoint Services Search service. To do this, follow these steps:
    a. At the command prompt, type net start osearch, and then press ENTER.
    b. Type exit to exit the command prompt.

    Once i finished the above i checked my Site collections and the users were indeed synching with the correct information. Hope this helps!!!!!!

    • Great find, Bryan! I also had the two search related problems on the current project and I fiex those over the weekend. It actually appears to have solved my sync problems as well!

      Thanks, mate!

    • Fred said

      Brian, thanks a lot for your effort. You have provided a great solution for a bug that Microsoft’s support couldnt not even understand…

    • mansoor said

      Hi Brayan and Christian,

      The above steps which you are given the install IIS 6.0 resources kit tool and type the command selfssl ,
      If i follow these steps can i get all the active direcoty users into the WSS site.because I am using WSS 3.0

      Regards,
      Mansoor

  34. Kassem said

    Hello Bryan and Christian Dam,

    Bryan I did the steps you mentioned above but when i checked my already added users i didnt find the changes that I did before on there profile on the AD or in SSP.

    NEEEEEEEEEEEEED Helpppppp please

  35. Kassem said

    Dear Christian,

    I created the users on ID, then I added them to sharepoint site, Then I added some changes like the company name and department name and email address etc.., I want to show these changes in the sharepoint site in the people and group section, so that when i change something on the user’s profile it must show directly in the sharepoint site ” this is the logic “. So, how can i do it??

  36. Kassem said

    im using both. In WSS i founded all the profiles and when i do crawling i notice that all the changes are shown. but in MOSS site in people and group section i cant see the changes .. do u have a step by step solution ??

    Thanks

    • Kassem,

      well, if you are using MOSS then configure the SSP that is servicing your wep application to automatically import users from Active Directory. Unless you are having the same problems as the rest of us in this post, the chances should automatically be syncronized when the timer jobs are run.

      Cheers,
      Christian

    • Mansoor said

      Kaseem

      U are saying u found all user profiles when u do crawling ,but crawling feature is not a WSS ,it is MOSS.
      How do u do that and how to get all users profile from AD to WSS site.please tell me steps

      I also same issue with my project requirment, i.e No of users are available in AD,i want import all users in WSS site and also when any modified users it should be change in WSS site.

      Need Help..Plz

      • Kaseem,

        profile import is a MOSS only feature, so it is not possible to automatically import the users into WSS. Using stsadm-scripts or third party tools may help you add the users to a WSS application, though.

        Cheers,
        Christian

    • mansoor said

      Kaseem

      As per above ur comment u got all AD users into the WSS site,

      Tel me same as my project requirment using WSS 3.0

      Tel me Kaseem how to do that..!

      Mansoor

      • Eh … show me again where anybody is talking about doing a AD import to a WSS installation? If anything, people – myself included – are talking about syncing into a WSS (team) site / content database hooked up on a MOSS infrastructure.

        Cheers,
        Christian

  37. Bryan said

    Christian,

    Since fixing the cert issue to resolve my AD synch and search related issues i have noticed that my Scheduled Crawls are not working. They simply do not crawl on the scheduled time. However, i can manually run them just fine.

    I have done some looking around and when i look into SSL Diagnostics is see the following error: SELF SSL #WARNING:Error 0x800b0109 : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    Now when i ran Self SSL i ran it individually on each server. Did i have to run it once and then distribute?

    This is only a hunch of what is happening, but i cant figure out why scheduled crawls are not working.

    Thanks!

    • mansoor said

      Hi Bryan and Christian

      I am working a project using WSS3.0 .My requirment is, All the users in AD is imports to WSS site with all user profiles like his name, phone number ,department etc.. and whatever changes made in AD it will update in WSS dynamically. I know it is possible only in MOSS,but clent wants WSS.

      How to do that..! its critical.do the neefull

      Regards,
      Mansoor

      • Well,

        this a as you say a MOSS only feature but since the customer will not pay the big bucks for the full blown product, the only option left I see is custom code or third party products. The price difference between MOSS and WSS is *massive* so hopefully you can find the budget somewhere 🙂

        Cheers,
        Christian

  38. Mike said

    Try this for those that cannot sync:
    Download SharePoint Manager 2007.
    Click around and find your site collection and click on it. The right hand side will give lots of information. Make note of the ID. That is what we are after.

    Open Microsoft SQL Server Management Studio Express. Open The Shared Services Database. Mine was called SharedServices1_DB. Find the table called dbo.SiteSych. Right click on it and choose Open Table. Locate your SiteID in the SiteID column. This is the ID you found by using SharePoint Manager 2007. Find the moving column. Does it say True? If so, change it to False and click out of that record to save it. Run stsadm –o sync. For those that get errors running that command, do not copy and paste it; type it manually.

    Check your profiles and see if they are synched. Mine were!

    • Mike,

      great find! I have to try that the next time I see this issue.

      Note however, that writing to the database directly may hurt your supportability with Microsoft, so I’d be very careful with that.

      Cheers,
      Christian

      • Mike said

        Christian – I found an even better answer with the help of someone in the MS forums. Here is part of my post:

        stsadm -o sync -listolddatabases 0
        stsadm -o sync -deleteolddatabases 0

        When you run stsadm -o sync -deleteolddatabases 0 it will remove all entries in the SiteSynch table. Once the full synch runs again, it will repopulate that table with the proper entries.

        It looks like you will have to wait for the full synch to happen to see some results. Running stsadm –o sync will only do the quick synch, but if you are anxious, you can change the full sync time by running stsadm –o sync –synctiming m:5 where m is minutes.

        Keep in mind that stsadm does not like copy and paste very well from what I have found anyway. If you get an error running the above commands using a copy and paste, manually type them in the command line.

      • John said

        This solution worked for me as well.

        C:\Documents and Settings\sharepointadminaccount>stsadm -o sync -synctiming m:5

        Operation completed successfully.

        C:\Documents and Settings\sharepointadminaccount>stsadm -o sync -listolddatabases 0

        Shared Service Provider Teams Farm Shared Services 1
        ID: 41c13649-4348-4fe5-94c2-10c71f2c3a1a Synchronized: 11/7/2009 5:00:00 AM
        ID: 8f08dbbc-acf5-4389-8482-18f8a39248cc Synchronized: 11/7/2009 5:00:01 AM
        ID: 8e98ce43-e32c-484f-b926-4d0d2c20b0b6 Synchronized: 6/8/2009 4:00:01 PM
        ID: 6f7e5a01-75df-45a2-b98f-60d80c92ac0a Synchronized: 11/4/2008 4:00:01 PM
        ID: 9d020946-edbe-4a1f-b4a3-6fc7de4768a5 Synchronized: 11/7/2009 5:00:01 AM
        ID: 26f26096-b44a-411f-a0b6-75231aff1baf Synchronized: 10/5/2009 6:00:02 AM
        ID: 3504c084-29b7-40aa-bff2-9e7d540c3469 Synchronized: 11/7/2009 5:00:01 AM
        ID: da27cdb8-4899-4bf0-9904-b029d60c6274 Synchronized: 11/7/2009 5:00:01 AM
        ID: d400baa1-d4db-4274-afa3-df881d2a3651 Synchronized: 11/7/2009 5:00:01 AM

        C:\Documents and Settings\sharepointadminaccount>stsadm -o sync -deleteolddatabases 0

        Deleted sync information for DB 41c13649-4348-4fe5-94c2-10c71f2c3a1a
        Deleted sync information for DB 8f08dbbc-acf5-4389-8482-18f8a39248cc
        Deleted sync information for DB 8e98ce43-e32c-484f-b926-4d0d2c20b0b6
        Deleted sync information for DB 6f7e5a01-75df-45a2-b98f-60d80c92ac0a
        Deleted sync information for DB 9d020946-edbe-4a1f-b4a3-6fc7de4768a5
        Deleted sync information for DB 26f26096-b44a-411f-a0b6-75231aff1baf
        Deleted sync information for DB 3504c084-29b7-40aa-bff2-9e7d540c3469
        Deleted sync information for DB da27cdb8-4899-4bf0-9904-b029d60c6274
        Deleted sync information for DB d400baa1-d4db-4274-afa3-df881d2a3651

        C:\Documents and Settings\sharepointadminaccount>stsadm -o sync -listolddatabases 0

        Shared Service Provider Teams Farm Shared Services 1
        No databases match the criteria for this Shared Service Provider

    • Marcus said

      Mike,

      Been trying to find an answer for this for ages, I tried your method of using SharePoint Manager 2007 and SQL however our core SharePoint site does not appear in the dbo.SiteSync table. Any ideas why ? it is on the same Shared Service Provider.

      Many Thanks this is very frustrating.

      Marcus

      • Mike said

        Marcus,

        Did you try the following:

        stsadm -o sync -listolddatabases 0
        stsadm -o sync -deleteolddatabases 0

        This does the same thing as going to the database but in a much nicer fashion. See if that works for you.

        Thanks,
        Mike

      • Marcus said

        Mike,

        yes tried everything in this article. it is working for 3 other site collections but not our primary one..

        I also see from Central administrator that the quick profile is aborting for this specific collection. the content database is online and ready..

        thanks

        Marcus

      • Mike said

        Marcus,

        Unfortunately I cannot help you with that one. Hopefully someone else has seen that and can comment.

        Good Luck!
        Mike

      • Marcus Taylor said

        Mike,

        Strangley enough it now seems to be working after installing the December CU yesterday 🙂

        Many Thanks

        Marcus

  39. mansoor said

    Hi Bryan,Christian ,Kaseem and everybody

    I got the solution for the all AD Users profiles are imported to WSS Site with out MOSS.and when i add new user in AD ,it will dynamically added into the WSS site.

    Using Windows Poweshell script we can do that.

    I can unable to attached the scripts here, otherwise i will send a mails to all. So that we can use it.

    –Mansoor

    • avnit said

      Hi Mansoor

      Can you please email me the powershell script you have used to update the users profile.

      • mansoor said

        Hi avnit,

        Send me your mail id , i will send poweshell script.
        But,this script works only retrive all AD users into the contact list,not working syncing .
        If u know,plz send it.

        Requirment: When modified in Contacts in contact list it will updated in AD.

        Regards
        Mansoor

  40. Steve Wigren said

    If you take a content database offline it also will not sync with the SSP profiles. You’ll see this message for each off-line database in the SharePoint logs if you run stsadm -o sync:

    Aborting sweepsynch for guid instance …. due to null or non-online content database

    We had made the content db’s offline so that no more site collections could be created in them, but it looks like you can’t do that if you want user info to be updated.

    • Interesting! Thanks for sharing. You can still prevent new sites from being created by setting Maximum Number of Sites = Current Number of Sites.

      I have tried to recreate the error you specified but failed. When I set a content database offline my event logs are still clean. Where do you see the “Aborting sweepsync …”-message?

      If you for business reasons still would like to set your databases offline, I’d suggest running the “stsadm -o sync -deleteolddatabases 0”-command to prevent the sync jobs from trying to sync as it will remove the entry for the content database that is offline.

      Cheers,
      Christian

    • GuilleSQL said

      I had same problem, syncing user profiles and using content databases offline…

      In my scenario, i had some content databases in the web application.

      http://www.guillesql.es/Articulos/Sincronizacion_perfiles_MOSS_WSS3.aspx

      Cheers,
      GuilleSQL

  41. mansoor said

    Hi All,

    I got the solution for importing AD users into WSS site,but my client requirment is when the user modified Contacts in WSS site dynamically updated in AD.

    This requirment is unable to get ? So anybody knows please send the code or link..its importent.for me .Waiting reply

    –Mansoor

  42. Robert said

    Mike’s suggestion worked for me. I had sites from a collboration database that weren’t showing up in My SharePoint Sites. When I checked the SiteSynch table in the SSP DB the SiteId for that collboration DB site was listed as True for moving. It hadn’t synched for two months. I followed Mike’s instructions.

    1. Manually change the True to False for the Moving column in the SiteSynch table and made sure it accepted the update.
    2. Typed stsadm -o sync in and ran successfully. (Cut and paste failed, it listed the stsadm switches)
    3. Ran stsadm -o sync -deleteolddatabases 0
    4. Waited for the timer job to run.

    Two months worth of sites were now available in My SharePoint Sites.

    Thanks Mike!

  43. Lee said

    Hi

    We ran a full AD import into MOSS 2007 which was successful (according to the import log), ran the stsadm -o sync command. Ran a full crawl after that. We now see all 4000+ AD users in our site collection. The issue now is, when anyone clicks on a user id, they immediately get a HTTP 404 webpage cannot be found message. Looks like all of the id’s are in userdisp.aspx file. Anyone ran into this issue? Is SSP hosed?

    Thanks

  44. Lee,

    I have seen that a couple of times when moving content databases between farms. In all of my cases it was resolved when the profile database was properly synced with the content databases.

    Cheers,
    Christian

  45. shuyi said

    Hi,

    I have a problem on retrieve user from SSP to add into Peoples & Groups, but failed to lookup the user, it always prompted “No exact match was found.”. I had performed Profile Sync and Quick Profile Sync but it seem like not working. Can anyone advise me what to do?

    Thanks & regards,
    shuyi

    • Shuyi,

      Are you using more than one SSP? If so, are you sure the current web application is associated to the correct one? If you are only using one SSP, I start by checking the following:
      – user profile import is working from Active Directory or an LDAP source
      – sync to the web app content database is working (use stsadm -o listolddatabases 0 to identify)
      – check any people-picker settings that may be in place

      Cheers,
      Christian

  46. shuyi said

    Thanks for your reply. Finally we had found the root cause which due to some error encountered on the NetLogon service in our AD server. After we restart the service, the MOSS People Picker work fine now. We are able to lookup all users in SSP which were imported from our AD.

  47. Matt said

    I had this problem and it seemed nothing would fix it. I called Microsoft, mentioned all the deleteolddatabases, synctiming, ignoreisactive, etc etc etc that I ran. Here’s our 2 second fix.

    Add the user explicitly into a different site in the site collection again or add them back into the site again. Verify their settings update (which in our case it did) and then remove the explicit add. Since we were using groups and not explicit users to control permissions, it appears the WSS profile wouldn’t update. The manual explicit add forced a recheck it seems.

    That was it! Still doesn’t explain the bug, but it got us there!

  48. Steven Versteeg said

    I am trying to get clarification about user profiles. We are running MOSS 2007 previously used mysites but are not longer doing so. Our problem is that new users are getting added by, what we believe is AD, but their email address is not getting added even though it is in AD. Old user worked fine, and some started working after awhile.

    1) How do we know if we are pulling information directly from AD or from the user profiles? and do we have to be concerned about he issues raised in this thread.

    2) If this is information is coming from AD, why would we not get all of the information?

    Thanks.

  49. Dave Leadbeater said

    Guys/Girls
    I have a WSS 3.0 enviroment with search server express installed which over rights the default SSP pages this means the “Users profiles and properties” is no longer there, does anyone know if it create’s a link to it any where else?
    All I want to do is change one persons display name, normally this would be a 2 second job.

    I dont want to do a full ad sync as I dont want all my ad users to be imported in to WSS.
    Any ideas?
    Cheers Dave

  50. Dany George said

    Hi Christian,

    I created some new custom user profile properties and mapped with AD field value. But it is not showing up the value, even after the full synchronization and crawl is completed.

    Could you please let me know What I am missing here.

    Regards
    Dany

  51. Ivanov said

    Hello!
    Can I use custom fields from the AD? And whether they will be adequately displayed?

  52. Burke said

    We wrote a free web part for 2007 which allows users to update select Active Directory information which in turn gets synced back to the profile database…

    http://adselfservice.codeplex.com

  53. […] Syncing WSS and MOSS User profile properties with Active Directory […]

  54. Just wanted to leave some positive feedback based on Matt’s comment on 24th June 2010.

    I’ve been going mad the last week becuase we had a user that was updated in AD, but the profile didn’t sync with our MOSS Farm.

    After doing a number of profile imports (full and incremental) she was still showing as “jane.before” instead of “jane.after”. She was also appearing twice in the address book when trying to be added.

    I didn’t run the steps advised at the top of this post (due to access permissions) so I jumped straight to Matt’s fix – it seemed silly that such a simple fix would sort it out.

    I added the account for “jane.after” into one of our SharePoint Groups.

    I then removed her from that group, along with her name from the Site Collection (All People).

    I asked the use to then check our homepage (becuase we have NTAUTHORITY\All added) and hooray! She now appears as “jane.after”.

    So thanks Matt for your tip – and thanks to Christian for writing the article first off.

  55. […] Syncing WSS and MOSS User profile properties with Active Directory « SharePoint Notes […]

Sorry, the comment form is closed at this time.

 
%d bloggers like this: