Joseph Michael Pesch
VP Programming

Sharepoint - User Profile Synchronization Proccess

by 9. April 2013 10:52

When the user information is synchronized from Active Directory (AD) into Sharepoint there are two basic processes. 

First, User Profile Service Application running under the Sharepoint Services on Server is what actually imports data from AD into Sharepoint.  This can be customized to select specific AD attributes and can also be configured to export data back from Sharepoint to Acitve Directory.  This could be useful if you want to allow Sharepoint users to update selected attributes directly in Sharepoint and publish them back to Active Directory.  You can view the current status of an active synchronization by using the Forefront Identity Manager (located at [InstatllationDrive]:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe).  The Sharepoint Service relies on the "Forefront Identity Manager Service" which must also be running on the Sharepoint server that is running the synchronization service.

That process simply creates, updates and deletes the records in the Sharepoint User Database by inspecting the current state of Active Directory.  To have the information visible in the Sharepoint People search and liked visually to organizational heirarchy it must also be propogated into the corresponding Sharepoint content databases.  That portion of the process occurs through the User Profile Sync Timer Job (running under the Sharepoint Timer service) which typically runs at the top of each hour.

IMPORTANT NOTE: If you use the People Picker in Sharepoint to locate user it will locate users directly in Active Directory (i.e. even if they have not been synchronized or setup in Sharepoint previously).  If you then add a user to a library, list, etc. (i.e. grant them permissions, add to a group, etc.) they Sharepoint will create a user stub record in the User Database with minimal data (basically just the user id and guid).  Next time the synchronization process runs it will update all the additional user attributes based on how the service is configured.  In my case the synchronization process was failing so there was some confusion as to how some users were getting into the Sharepoint environment with minimal data (i.e. they were getting added when they were granted permissions to resources in Sharepoint).

A couple of maintenance items that can help if these processes start failing:

1) Clearing the User Profile Sync Table - Over time the data in this table will get corrupted specifically when dropping and attaching databases this is a known issue.  In order to see a list of the entries you can use the listolddatabases commande below.  To clean up the corrupted data you can run the deleteolddatabases command below which will delete all entries that have not been successfully updated since 1 day ago (i.e. the last parameter is the number of days since last update).

STSADM -o sync -listolddatabases 0
STSADM -o sync -deleteolddatabases 1

2) Clear the configuration cache on the servers in the Sharepoint server farm:

To resolve this issue, clear the file system cache on all servers in the server farm on which the Windows SharePoint Services Timer service is running. To do this, follow these steps:
  1. Stop the Timer service. To do this, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Services.
    2. Right-click Windows SharePoint Services Timer, and then click Stop.
    3. Close the Services console.
  2. On the computer that is running Microsoft Office SharePoint Server 2007 and on which the Central Administration site is hosted, click Start, click Run, type explorer, and then press ENTER.
  3. In Windows Explorer, locate and then double-click the following folder:
    Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config\GUID
    • The Drive placeholder specifies the letter of the drive on which Windows is installed. By default, Windows is installed on drive C.
    • The GUID placeholder specifies the GUID folder.
    • The Application Data folder may be hidden. To view the hidden folder, follow these steps:
      1. On the Tools menu, click Folder Options.
      2. Click the View tab.
      3. In the Advanced settings list, click Show hidden files and folders under Hidden files and folders, and then click OK.
    • In Windows Server 2008, the configuration cache is in the following location:
  4. Back up the Cache.ini file.
  5. Delete all the XML configuration files in the GUID folder. Do this so that you can verify that the GUID folder is replaced by new XML configuration files when the cache is rebuilt.

    Note When you empty the configuration cache in the GUID folder, make sure that you do not delete the GUID folder and the Cache.ini file that is located in the GUID folder.
  6. Double-click the Cache.ini file.
  7. On the Edit menu, click Select All.
  8. On the Edit menu, click Delete.
  9. Type 1, and then click Save on the File menu.
  10. On the File menu, click Exit.
  11. Start the Timer service. To do this, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Services.
    2. Right-click Windows SharePoint Services Timer, and then click Start.
    3. Close the Services console.
    Note The file system cache is re-created after you perform this procedure. Make sure that you perform this procedure on all servers in the server farm.
  12. Make sure that the Cache.ini file has been updated. For example it should no longer be 1 if the cache has been updated.
  13. Click Start, point to Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.
  14. Click the Operations tab, and then click Timer job status under Global Configuration.
  15. In the list of timer jobs, verify that the status of the Config Refresh entry is Succeeded.
  16. On the File menu, click Close.
Original link to these clean up steps:



Comments are closed