SharePoint 2016 – MIM 2016: Full Sync does not export profile pictures to Active Directory

Consider the following scenario: You have SharePoint 2016 configured to import user profiles using Microsoft Identity Manager (MIM) 2016 as the External Identity Manager. You have configured MIM to import profile pictures from Active Directory (AD). After the pictures have been created in SharePoint, you decide to reverse the flow to export profile pictures from…


SharePoint: Managed Metadata: The term is not a valid term

The main point of this post is to create awareness around the fact that you can use the CreateTerm PowerShell method on a TermSet object to create a new managed metadata term with a specified Term ID. You’ll have to read to the end to understand why that’s a big deal, and to see…


SharePoint – People Picker times out – Hybrid App Launcher issue

This was a really unique situation where a network problem for the Hybrid App Launcher caused People Picker to intermittently time out and display no results. Note: The two features are not directly related as you’ll see below. Let me explain: When you configure Hybrid OneDrive and Sites in SharePoint 2016, it…


SharePoint 2010 – 2013: FIM Sync does not remove profiles for users that were deleted from AD

Consider the Following Scenario: You’re using SharePoint Profile Synchronization (FIM Sync) to import user profiles from Active Directory (AD) into a SharePoint 2010 or 2013 farm. Users that have been deleted in Active Directory still show active user profiles in the User Profile Service Application (UPA). They also show up in People Search results…


SharePoint: MIM 2016 Export for SharePoint MA fails

Consider the following scenario: You have SharePoint 2016 set up to import user profiles from an External Identity Manager. We’ll say you’re using Microsoft Identity Manager (MIM) 2016 to import profiles from some 3rd party LDAP directory. The profiles should be imported as Trusted Provider type users (SAML-claims). You run a Sync, and…


SharePoint: The Complete Guide to portalsuperuseraccount and portalsuperreaderaccount

What are the Super User and Super Reader accounts for? This is explained pretty well on Technet here: In general, they are used in the process of making SharePoint Publishing sites (any site using the publishing features) render quickly and efficiently. Please keep in mind that these accounts aren’t actually required to be…


SharePoint 2016: Office documents prompt for authentication on anonymous site

Consider the following scenario: You have a SharePoint 2016 site that has been enabled for anonymous access. You have some Microsoft Office (Word, Excel, PowerPoint, etc) documents in a library that anonymous users also have access to. A user clicks on a (for example) Word document to open it. They receive a credential prompt,…


SharePoint: Common NTLM Authentication Issues, aka: Consider Ditching NTLM

NTLM authentication is not great. It’s not the fastest. In most cases, that honor would go to Kerberos. It’s not the most secure. Again, Kerberos. It’s not all that flexible. For example, it doesn’t work well for extranets or anything cross-firewall. In those scenarios, Trusted Provider auth (SAML / WS-Fed) works well.  See: AD FS….


SharePoint: Quick Troubleshooting Tip: HTTP Response Headers

Often in troubleshooting SharePoint, we’re interested to know on which Web-Front-End (WFE) a certain request landed. When you have multiple WFEs that are load balanced, this is not easily discernable. One trick is to edit your HOSTS file and point the load balanced URL at the IP address of one WFE. That method certainly has…


SharePoint: People Picker shows disabled user accounts in domain migration scenario

This is one that has plagued SharePoint admins since SharePoint 2007 and earlier.  There are a few other posts out there that mention this behavior, but as far as I can tell, none of them offer a complete solution. Consider the following scenario: The SharePoint farm exists in DomainB. You have users in DomainA. You…