In SharePoint 2010 we introduced FIM which acted as a broker of sorts when bringing profiles from AD into SharePoint. One of the key reasons for this add was to allow companies to not only pull AD info into SharePoint but also to push information from SharePoint back to AD. This was a key change from Microsoft Office SharePoint Server 2007 or MOSS 2007 as we generally called it. The synchronization method was a very simple one way pull from AD which didn’t allow a lot of flexibility.
One of the pains that were felt with User Profile Service Application (or UPSA, UPA, Dir Syncer or whatever folks like to refer to it) was that it required more steps to configure than just going into the UI and
clicking a couple buttons as we Admin types are generally fond of doing. Early on in the process my buddy Spence wrote the manifesto on how to properly create this. There was a lot of bad guidance floating
around out in the webosphere on how to do this and pretty much all of them were wrong. As much as it pains me to admit as I don’t want to inflate an ego but one of the questions I would always ask
my customers when they deployed SharePoint 2010 went a little like this:
Me – Oh great it looks like you have every Service Application provisioned (this to me 99% of the time pointed me to the fact that they used the FCW (Farm Configuration Wizard) to deploy the farm) More
to come from that another time but this is a bad plan for Production Farms. Fine for Dev or Test but Prod….Please don’t do this.
Customer – Yep it was simple but I can’t seem to get the User Profile thing working
Me – did you follow any guidance out on the web for this?
Customer – No I just let SharePoint handle it
Me – rubbing my hand through my hair wondering what a proper response would be while continuing to be a Trusted Advisor……
Me – You know we have a couple excellent documents out there that detail what needs to be done here to configure this. Namely TechNet or my buddy with the sillypurple page In fact if you follow
this guide step by step you will always have a successful experience in deploying UPA.
Getting back on track to the point of this post is to inform you that those guides are still fully relevant today in SharePoint 2013. There is however one exception to this. Along with the previous mentioned method to Profile Synchronization we have also included the previous method of import…It’s called Active Directory Direct import and think of this as the lightweight import method.
The method of implementing this is not right in front of your face though. When I first started looking at this I would have assumed that they would add this functionality at the point where you create your Profile Synch but this lives in a different area. I will highlight both SharePoint 2010 and 2013 in the following screenshots to show this:
SharePoint 2010 (notice the arrow pointing to Configure Sync Settings)
SharePoint 2013 (Notice that the screens look remarkably similar)
SharePoint 2010 (Configure Sync Settings)
SharePoint 2013 (Configure Sync Settings)
As I am illustrating here this is where you would differentiate between the two methods. By default we are setting this for FIM but if you choose to go with AD Direct you would set this at this location.
One additional thing to note here is that in the previous version we had to have Replicate Directory Changes set via Delegate Control in Active Directory. This is still a necessary step for either method you choose here.
Additional Note: Spence informed me that he recently put out an updated article
that can be found here