SharePoint 2010: User Profile Synchronization Service decoded! Part-2


Link for Part-1

http://blogs.technet.com/b/sykhad-msft/archive/2013/04/20/sharepoint-2010-user-profile-synchronization-service-decoded-part-1.aspx

 

Contd...

 

Contents of Part-2: 

  • Sync DB reset and when does it help? 
  • Enabling NetBios name on UPA and under what scenarios?
  • What happens during Profile Synchronization?
  • When to make use of User Profile Replication Engine (UPRE)
  • Should I restart UPSS every time I apply cumulative updates/Service Packs for SharePoint Server 2010?

 

1. Sync DB reset and when does it help? 

 

What does Sync DB reset do? It will flush the Sync DB completely and clear all the contents in it.

  • Resetting Sync DB should be done as a last resort, consider resetting the Sync DB when:

a. Sync information being inconsistent, something like Profile Picture which is coming from AD disappears or reverts to old image

b. Few Properties which are Imported from AD into SharePoint show up for a few Users, but not for everyone. The same can be true for Export as well

c. When you have modified things manually on the FIM Client

d. When information comes into Sync DB but not the Profile DB

  • Things to be reconfigured after a reset of Sync DB, what will be lost & what will remain intact?

a. All sync information will be lost

b. The AD Sync Connection will be deleted

c. After the reset of Sync DB, Restart UPSS, re-create AD Sync connection, Map all the User Properties (both Out of the Box and Custom) & perform Full Profile Import

d. All the User related information like Profile Pictures, About Me, Social Tagging data, etc. the data which resides in Profile DB and the Social DB, these information will be intact even after we perform a reset of Sync DB

 

2. Enabling NetBios name on UPA and under what scenarios?

 

  • How to determine if there is a need to enable the NetBios name on the UPA?
    • Go to the SharePoint Server, right on 'My Computer' & click on Properties, look for the domain name, for example, the name is sykhad2 as shown below:

    • Now on the same SharePoint Server, open command prompt and run the command "whoami" without the double quotes, for example in my case I get the output as: "sykhad20\administrator" as seen below:

    • Ideally even here it should come up as "sykhad2\administrator" since DC NetBios name is different than the Domain Name we see this difference.

      Here is another picture to show the same

       

  • What happens if we do not enable the NetBios name on the UPA?

If your farm qualifies to enable the NetBios name on the UPA, & you do not enable and perform a profile import, the User Accounts will be displayed as:

"sykhad20\administrator"

"sykhad20\user1"

"sykhad20\user2" and so on

 

Which is incorrect, they should rather be displayed as:

"sykhad2\administrator"

"sykhad2\user1" 

  • How to enable the NetBios name?

On the SharePoint PowerShell run the following commands:

 

 

Get-SPServiceApplication

$upa = Get-SPServiceApplication –Identity "UPA GUID"

$upa.NetBiosDomainNamesEnabled

 

(Note: if the Netbios name is enabled, the Output will be TRUE for the above command, FALSE if not enabled)

 

Setting it to True:

$var.NetBiosDomainNamesEnabled = 1

$upa.update()

 

Setting it to False:

$var.NetBiosDomainNamesEnabled = 0

$upa.update()

 

You can also refer: http://technet.microsoft.com/en-us/library/ee721049.aspx#NetBIOSProc

 

The output will be shown as seen below:

 

  • Few more takeaways on NetBios names:
  1. Say you realized that your SharePoint farm needs a NetBios name to be enabled, all this while it was not enabled and we have been performing profile imports multiple times. Just enabling the NetBios name using the above commands alone is not good enough. We will have to delete the old AD Sync connection first, then enable NetBios name, restart UPSS and create a new AD Sync connection
  2. For some reason if you are unable to delete the existing sync connection before enabling NetBios name, I would prefer to do a Reset of Sync DB which will clear the connection, and you can then enable NetBios name on the UPA
  3.  Unable to perform profile import, When we check on the MIIS Client we get error: Replication access was denied, error code:8453, even after we have 'Replication Change Directory Permissions' on AD
  4. When NetBios name and FQDN name are different,  we have to also give replication directory change permissions even on the Domain Configuration partition.
    1. Refer- http://blogs.technet.com/b/steve_chen/archive/2010/09/20/user-profile-sync-sharepoint-2010.aspx

 

 

3. Troubleshooting issues after the UPSS has started successfully

  • Errors while creating AD sync connection:

I have a separate blog which covers this section, refer:

http://blogs.technet.com/b/sykhad-msft/archive/2012/03/15/sharepoint-2010-errors-while-creating-ad-sync-connection-on-user-profile-service-application.aspx

 

 4. What happens during Profile Synchronization?? 

 

When we get into the MIIS Client, we see various stages being shown when we run Profile Imports, let's see what it actually means:

 

  1. FullImport: From AD into FIM Sync DB
  1. FullSync: Sync all the objects
  1. DeltaImport: Only Imports the changes since the last FullImport/DeltaImport
  2. DeltaSync: Sync all the objects
  1. Export: Export all changes objects into Connection DB and then to associated Data Source

 

In simple English, when we perform a Profile Import from AD into SharePoint:

 

The information flows from AD into the Sync DB (which is our FIM DB) and from Sync DB to the à Profile DB

And when there is an Export from SharePoint to AD, say you are trying to export Profile Pictures from SharePoint into AD, the then process would be reversed:

The information flows from SharePoint à into the Sync DB (which is our FIM DB) and from Sync DB to the à Active Directory 

 

5. When to make use of User Profile Replication Engine (UPRE)

 

UPRE comes into picture when you want to copy over the contents from one UPA to another. Consider a scenario where you have a lot of custom properties created on the UPA, Users have updated a lot of information manually into the Profile DB like, About Me, Skill Sets, Telephone Number, Profile Picture, and the UPA also has a lot of Tagging data which resides in the Social DB, and this UPA goes corrupt for some reason and you realize the only way to get things working is by creating a new UPA.

However you don’t want to lose any data from the Profile & Social DBs.

 

In such cases, we have this PowerShell utility called UPRE, which is designed to copy over all the contents from one UPA to another. I personally did not have much luck using this tool, however if the data is crucial you may want to give a shot using this tool

Please refer - http://technet.microsoft.com/en-us/library/cc663011.aspx

 

 

6. Should I restart UPSS every time I apply cumulative updates/Service Packs for SharePoint Server 2010?

 

The answer is Yes!

  • We now know that, the  schema population & table creation on the Sync DB happens only during starting the UPSS, and this DB is governed fully by the FIM Client and not by SharePoint
  • So when we patch the SharePoint Servers, we run the SharePoint Configuration Wizard to complete the process of upgrade, and during the SharePoint DBs will get upgraded
  • To check the version of the SharePoint DBs, we run the command:

select * from versions

  • We can run this query on all the SharePoint DBs including Profile & Social DBs, but not against the Sync DB, as there is no table called "versions" in the Sync DB
  • For example: I ran this command on the Profile DB and I see the version information as seen below:

 

 

  • However if I want to check the same version information for Sync DB I should run the query:

select * from versioninfo

 

 

  • If you open the MIIS Client, and click on Help à About, you will see the same version as seen above:

 

  • The Bottom line is, the SharePoint Configuration Wizard does not touch the Sync DB, only when we restart the UPSS after applying updates the Sync DB gets updated

 

 

Hope you enjoyed reading this!

 

Please feel free to comment, ask questions & let me know if there is anything else which you want me to include as a part of this blog!

 

Enjoy SharePointing!!!

 

 

 


Comments (3)

  1. Deb Dorn says:

    Thank you!  That's all I've been looking for.  I know what it does, but just needed it in simplest terms!

  2. kate4 says:

    Under point 2. Enabling NetBios name on UPA and under what scenarios?, Setting it to True: the first line should be $upa not $var

  3. ryan says:

    Am I the only one who doesn’t see the steps to reset sync db in the referenced article?

Skip to main content