After installing Microsoft Identity Manager 2016 and the Forefront Identity Manager Connector for SharePoint User Profile Store, we now have to configure synchronization for SharePoint Server 2016. Please see my article on installing MIM on SharePoint Server.
In previous versions of SharePoint, we controlled the User Profile sync from Central Admin, but in SharePoint 2016 it is a different story. The process is manual but simple: you have to set up a couple of scheduled tasks to run the full and incremental sync. You can create these tasks using the script available on GitHub.
Before we start, we need the following:
- Microsoft Identity Manager 2016 Sync engine and the Forefront Identity Manager Connector for SharePoint User Profile Store are installed.
- You should log on to the SharePoint Server with the Farm Admin account, with local admin rights. Without local admin rights, you will not be able to run the sync.
- A domain account which has SharePoint access.
- Make sure the following AD details are ready.
  - ForestDnsName
    This is the DNS name of the Active Directory forest to be synchronized, for example krossfarm.com
  - ForestCredential
    This is the username and password of the account that will be used to read objects from Active Directory. This account must have Replicate-Directory-Changes permissions in the Active Directory that is to be synchronized. This is the same kind of account which we used in the previous version of SharePoint, for example Krossfarm\KFadSyncAccount
  - OrganizationalUnit
    This is the distinguished name of the Active Directory container to be synchronized. You can add more containers after the configuration is loaded. To add more containers, use the Synchronization Service Manager GUI to modify the ‘AD’ management agent.
- Make sure the following SharePoint connection details are ready.
  - SharePointUrl
    This is the URL of the SharePoint Server running the User Profile Service application. This is the Central Admin URL, for example http://KFAppServer:1234.
  - SharePointCredential
    The username and password of the account used to connect to the SharePoint User Profile. This account will read and write objects in the SharePoint User Profile Store DBs, for example krossfarm\KFUPAdmin
- Download the following solution files, which are available on GitHub.
  - SharePointSync.psm1
    Windows PowerShell module for deploying and starting the synchronization solution.
  - MA-AD.xml
    This is the MIM management agent for Active Directory.
  - MA-SP.xml
    This is the MIM management agent for SharePoint Server.
  - MV.xml
    This XML file contains additional User Profile Synchronization configuration.
- Place all the downloaded files on the MIM server, for example in c:\SharePointSynchronization
- The User Profile Service is properly configured and the Enable External Identity Manager option is selected under Configure Synchronization Settings.
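A check for the ForestCredential requirement above, as an added example that is not part of the original article: it reads the ACL on the domain object and lists the replication rights granted directly to the sync account. It assumes the ActiveDirectory PowerShell module is installed and that krossfarm.com is a single-domain forest; rights held only through group membership are not resolved.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module is available and the
# session runs as a user allowed to read the ACL of the domain object.
Import-Module ActiveDirectory

$forest  = 'krossfarm.com'                 # ForestDnsName from the article
$account = 'KROSSFARM\KFadSyncAccount'     # ForestCredential from the article

# Control-access right GUIDs defined by the Active Directory schema.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

$domainDn = (Get-ADDomain -Identity $forest).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDn"

# Keep only Allow ACEs granted directly to the sync account for those rights.
$granted = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $rights.ContainsKey($_.ObjectType.ToString())
} | ForEach-Object { $rights[$_.ObjectType.ToString()] } | Sort-Object -Unique

if ($granted -notcontains 'Replicating Directory Changes') {
    Write-Warning "$account has no direct Replicating Directory Changes grant on $domainDn."
}
if ($granted -contains 'Replicating Directory Changes All') {
    # Broader right that also exposes password data; the article does not call for it.
    Write-Warning "$account also holds Replicating Directory Changes All; remove it."
}
$granted
```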
Configure at SharePoint Central admin
In order to configure the MIM sync with the User Profile Service, we have to configure the Synchronization settings.
- Go to Central Admin > Application Management > Manage Service Application > click User Profile Service.
- On the Manage Profile Service page, click Configure Synchronization Settings.
- Make sure that Enable External Identity Manager is selected and click OK.
Install the SharePoint Server Synchronization Configuration File at MIM Server
Now, we will install the solution files and configure the sync. Please place all the downloaded solution files in the same directory.
- Place all downloaded solution files in a directory.
- Open the PowerShell console (Run as Administrator).
- In the PowerShell window, first import the SharePointSync.psm1 file.

      ### Load the SharePoint Sync Module
      Import-Module C:\SharePointSync\SharePointSync.psm1 -Force

- Now, install the SharePoint Sync configuration using the information which you collected initially.

      ### Install the SharePoint Sync Configuration
      Install-SharePointSyncConfiguration `
        -Path C:\SharePointSync `
        -ForestDnsName krossfarm.com `
        -ForestCredential (Get-Credential Krossfarm\KFadSyncAccount) `
        -OrganizationalUnit 'ou=employee,dc=krossfarm,dc=com' `
        -SharePointUrl http://KFAppServer:1234 `
        -SharePointCredential (Get-Credential krossfarm\KFUPAdmin) `
        -Verbose

- Open Notepad, copy the script with your values, and save the file as Sync.ps1.
- Now, run that file.
- It will ask you for the password for both accounts (ForestCredential and SharePointCredential).
SharePoint Sync Configuration is completed. Now, run the Sync.
Run Sync
To run the full / delta sync, we have to run the command in PowerShell (make sure that you have run the Import-Module command beforehand in the same window).
- If you want to see the impact of this synchronization, such as what will be imported, you can preview it using the -WhatIf parameter with the sync command.

      Start-SharePointSync -WhatIf -Verbose

- To start the full sync, run the following command.

      Start-SharePointSync -Confirm:$false

- To start the incremental / delta sync, run the following command.

      Start-SharePointSync -Delta -Confirm:$false

Note: If you close the PowerShell window, then you have to import the sync module again.

    Import-Module "C:\SharePointSync\SharePointSync.psm1"

Note: If you do not use the -Confirm:$false parameter in your command, you have to watch the window so that you can press Y to allow the import of profiles into SharePoint; otherwise the import will not complete.
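The article says the full and incremental sync are meant to run from scheduled tasks. One way to register them, as an added example that is not the article's or the project's own script; the wrapper file name Run-Sync.ps1, the task names and the schedule times are assumptions.

```powershell
# Added example, not the article's or the project's script.
# Assumed names: Run-Sync.ps1, the two task names and the schedule times.
$moduleDir = 'C:\SharePointSync'               # module location used in the article
$wrapper   = Join-Path $moduleDir 'Run-Sync.ps1'

# A scheduled task starts a fresh session, so the wrapper imports the module
# first and passes -Confirm:$false because nobody is there to press Y.
@'
param([switch]$Delta)
Import-Module "$PSScriptRoot\SharePointSync.psm1" -Force
if ($Delta) { Start-SharePointSync -Delta -Confirm:$false }
else        { Start-SharePointSync -Confirm:$false }
'@ | Set-Content -Path $wrapper -Encoding UTF8

# The article requires the farm admin account with local admin rights.
$runAs = Get-Credential -Message 'Account that runs the sync tasks'

function Register-SyncTask {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] $Trigger,
        [string] $ScriptArgs = ''
    )
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -NonInteractive -File `"$wrapper`" $ScriptArgs"
    # Never start a second run of the same task while one is still going.
    $settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
        -ExecutionTimeLimit (New-TimeSpan -Hours 6)
    Register-ScheduledTask -TaskName $Name -Action $action -Trigger $Trigger `
        -Settings $settings -RunLevel Highest `
        -User $runAs.UserName -Password $runAs.GetNetworkCredential().Password
}

# Full sync weekly, delta sync daily, at hours that do not overlap.
Register-SyncTask -Name 'SharePointSync-Full' `
    -Trigger (New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '01:00')
Register-SyncTask -Name 'SharePointSync-Delta' -ScriptArgs '-Delta' `
    -Trigger (New-ScheduledTaskTrigger -Daily -At '05:00')
```

Both tasks run elevated from C:\SharePointSync, so write access to that folder should be limited to administrators.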
This completes the configuration of User Profile Sync with Microsoft Identity Manager. If you want to apply a custom connection filter or property mapping, or add an additional domain, please continue to the next parts.
See Also
Please follow the below articles for next steps.
- Step by Step: Installation of Microsoft Identity Manager for SharePoint 2016 User profile Service-Part-1
- Step by Step: Configuration of Microsoft Identity Manager for SharePoint 2016 User Profile-Part -2
- SharePoint 2016 User profile Service and MIM: Apply the Connection Filter – Part -3
- MIM 2016 with SharePoint 2016 User Profile service: Import Custom Property from Active Directory – Part – 4
- MIM with SharePoint Server 2016 User profile: Add more Active Directory Domain for Synchronization. Part - 5