Unable to start User Profile Service Application – Starting

The User Profile Synchronization service for SharePoint 2010 or 2013 can fail to start for numerous reasons. This post is for when the User Profile Service Application(UPA) is stuck on Starting. This prevents anybody from creating connections or syncing users. This will prevent the User Profile Service Application from functioning properly. ULS shows the topology.svc…

0

SAML roles and SharePoint 2016/2013 with OAuth

Roles (security groups) with SAML/ADFS will not work with OAuth without some more configuration and patching. OAuth affects 2013 Workflows, Office Web Apps, Provider Hosted Apps, Cross Farm Publishing/Consuming scenarios, Hybrid, etc. There are a few steps and requirements that are needed for this to work. KB 3203164 has some great information on this topic…

0

Migrate Users (Move-SPUser) when moving from Windows to SAML/FBA

When adding another authentication provider to a web application like ADFS(SAML) or FBA(LDAP), SharePoint sees these users and roles(groups) as entirely different users and groups than Windows counterparts. The backend Active Directory might be the same along with usernames and passwords but to SharePoint these are different users. Different Users, Different Permissions I’ve deployed ADFS…

0

Deleting User Profiles Using PowerShell

There are many reasons why we would want to use a PowerShell shell script to delete user profiles. We don’t want to use or trust the My Site Cleanup job. We have a batch of stub user profiles that need to be deleted. We just want to delete some user profiles for testing purposes. We…

1

SharePoint 2016 MIM and SAML/FBA User Profiles

There is not much out there about MIM and SharePoint 2016 with FBA or SAML user profiles.  Using Active Directory Import is still the same as it was in 2013.   Below we will be going through how to set this up for SAML(ADFS) and MIM. This guide assumes the environment has been setup from these…

5

SharePoint 2013/2016 – Migrate from Windows claims to ADFS

Many farms are moving from Windows Authentication(NTLM or Kerberos) to SAML. This migration and change requires a lot of planning. This guide is only to give a frame work of migrating some of the simpler farms. This guide also assumes that the ADFS server is already setup and just needs to be configured. The difference…

2

The Pitfalls of Resetting the Config Cache

I see many SharePoint admins resetting the config cache but not knowing what it is or what it does.  This seems to be a go to action for anything wrong with SharePoint along with IISReset, PSConfig, and rebooting the servers. What is the Config Cache? The config cache is a copy of your objects table…

2

User Profile Picture Import with Active Directory Import(Dirsync)

UPDATE 8/16/17 My colleague, Josh, wrote a great post on his blog detailing the benefits and considerations when moving to ADI. https://blogs.technet.microsoft.com/spjr/2017/08/14/sharepoint-considerations-when-switching-from-fim-sync-to-ad-import/ SharePoint 2013 introduced Active Directory Import. This is built on a technology called DirSync. There are many advantages with using Active Directory Import. We do not need to start up the User Profile…

5