SharePoint External FIM Issue - Missing Manager Property

The User Profile Synchronization service is the core of the synchronization architecture in SharePoint Server 2013. When you start the User Profile Synchronization service on the synchronization server, SharePoint Server 2013 provisions a version of Microsoft Forefront Identity Manager (FIM) to participate in synchronization. A User Profile service application can only have one User Profile Synchronization service. A User Profile Synchronization service is associated with connections and mappings.

mappings

So that being said we are going to talk about an issue with the missing manager field in the SharePoint user profiles. This is something new which we observed in our environment and we happened to work with our PFE to fix this.

In our environment all was well with pushing the user profiles from FIM to SharePoint except the “manager” field wasn't getting populated, even though FIM was synching it correctly. After working with our PFE and the FIM engineer, we solved this one.

So in a nutshell the issue which we are trying to fix here is the missing manager field which doesn’t get populated in the SharePoint user profiles when you’re using FIM to push the profiles.

You can take a look at how this is set up by going to Central Admin, User Profile service application, then Configure Synchronization settings.

Synchronization settings

Fix:

Open your ULS log, and look for an entry that looks like this as in the following screenshot:

Open your ULS log

What this means is that we're getting a null reference exception, when the FIM management agent/connector for SharePoint finishes up. It calls a finalize method that's part of the web service.

This finalize method is checking for a running instance of the “User Profile AD Import Timer Job “. The problem is that this timer job only gets created if your UPSA configuration settings is set to use the "Active Directory Import" option. Please check the screenshot below.

User Profile AD Import Timer Job

If you never use/set that setting, which you probably don't because you're trying to use your External FIM deployment, the Timer Job will never exist. To create the timer job, all you need to do is change the setting in your UPSA's "Configure Synchronization Settings" page to "Active Directory Import" and then to back “External FIM”. This won't break anything.
Also in addition to that make sure you’re disabling the “User Profile Active Directory Import Job

disabling User Profile Active Directory

You will notice this timer job the moment you change the synchronization settings from “External FIM” to “Active Directory Import”.

You can also use PowerShell for this:

  1. $upsa = Get-SPServiceApplication -name "YOUR_UPSA_NAME"  
  2. $upsa.NoILMUsed = $true  
  3. $upsa.Update()  
  4. $upsa.NoILMUsed = $false  
  5. $upsa.Update()  
Once this is done, after you run your next FIM full sync, the Finalize method will run, and kick off what it needs to. It may take a few minutes, so please be patient. To confirm the finalize method has run, you can examine your user profiles to ensure the manager field is now present, and also look for entries similar to this in the ULS logs.
 
Read more articles on SharePoint:

 

Next Recommended Readings