.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Import user profile from another domain active directory

Posted By:      Posted Date: September 03, 2010    Points: 0   Category :SharePoint
Hi, I have SharePoint 2010 running on DomainB andwe have corporate users on DomainA. i need to import users from both domainA and DomainB. I am able to import users from domainB and not able to import users from DomainA. I made a successful connection to both Domain A Ad and DomainB AD in SharePoint 2010 user profile synchronize connections. I am able to sync users only from DomainB (SharePoint 2010 running on domainB) and not able to synchronize profiles from DomainA (outside domain). Is there any additional configuration I need to do. Please help me on this issue. Thanks, Ratna

View Complete Post

More Related Resource Links

Unable to see Active Directory Groups in the User Profile Database after Profile Import

SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup: AD/DNS SQL 2008 WFE APP Claims Mode Web App only using Windows Integrated Auth So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article: InfoPath - User Roles in Browser-Enabled Forms Using AD Groups.  I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all.  Typically, the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though). My user profile sync is working.  All AD users are pulled in with the proper profile data. "Users and Groups" is selected in the Synchronization Entities section of my Sync Settings. Security groups are working for permissions and audience targeting.  Confirmed my users are affected properly by the use of Security Groups. My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites. The GetUserProfileByName method of the same UserProfileService.asmx web service returns all the regular profile data

Is there a way to undo/remove/delete an active directory user profile syncronization? [SP 2010]


I successfully managed to synchronize the active directory with Sharepoint 2010.  Unfortunately, the farm I was on has different FQDN /Netbios domain names.  So all ~1000 user profiles are now imported with the wrong domain, and the subsequent errors one would expect.


Is there a way to get back to a blank slate?  technet has an article on "resetting" profile synchronization (http://technet.microsoft.com/en-us/library/ff681014.aspx), but that requires being able to verify the GUID of the user profile synchronization database, which I am also unaware of how to do.


Please help, and thank you in advance.

Accessing Active Directory's User Profile Information in InfoPath Form



I want the User Profile information in InfoPath Form from active directory and I want complete information of currently logged in user which include:

User Name, First Name, Last Name, Email Address, Designation, Company, Manager Name and everything which is in the profile of user in Active Directory. Please help me in getting this.


M Kamran Rafi

Problem Import Pictures into User Profiles from Active Directory


I have problems with getting the pictures from Active Directory (Field "thumbnail Photo") into my Sharepoint User Profile Store and displaying it in the MySites.

Profile Synchronization is working fine, the field Picture is mapped to thumbnailPhoto.

Then for finishing the process I execute the following powershell command: 

Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation "http://mysite.vz.ch/my"

I execute this command under the user context from the account which has all the necessary AD-Rights. I do this with "start-job -Credentials $cred -ScriptBlock $sb" where -Credentials for the AD Sync Account and $sb for the above Powershell Script (Update-SPProfile....).

For this I had to give rights to the sync account on the user profile service application (administrator and permission button, I know). Also I had to give "db-owner"rights on the Configuration Database and also on the MySite Database for this sync account. I found this out via ULSLogViewer.

Now it is working as far that the scripts enumerates all user profiles and tries to process the images. But in ULSLogViewer I have the following error message:

"Error processing the photo URL User Photos/Profile Pictures/0c37852b-34d0-418e-91c6-2ac25af4be5b_652.jpg for user ZH01\BEr: System.U

Error on Display user's fullname using Active Directory in asp.net using vb.net



wi As System.Security.Principal.WindowsIdentity =  _System.Security.Principal.WindowsIdentity.GetCurrent()



Dim a As String() = HttpContext.Current.User.

Domain & Active Directory


Scenario 1:

Site user visits http://intranet/ , authenticates using intranet\username as username using proper password. Everything works fine.

Scenario 2:

Site user visits http://somedomain.com (that is forwarded to IP address of "intranet") , sharepoint opens, authenticates sometimes but sometimes it wont. Even if it authenticates user , some actions (edit an item) pops up authentication dialog box and fails to authenticate further even with correct credentials.


Do I need to add somedomain.com to Domain Controller of "Intranet"?  It is running 2k3 windows, IIS, Domain controller, sharepoint WSS 3.0 server (Internal).



Please advice,


Active Directory user impersonation with forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:<identity impersonate="true" /> but that doesn't seem to work. I also have the C# code using the WindowsImpersonationContext class, but still no luck. protected void titleTextBox_TextChanged(object sender, EventArgs e) { TextBox tb = (TextBox)sender; string fieldTitle = "job title"; string fieldName = "title"; if (userDirectoryEntry == null) CaptureUserIdentity(); try { WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate(); if (String.IsNullOrEmpty(tb.Text)) userDirectoryEntry.Properties[fieldName].Clear();

BDC Import for user profile picture

I am attempting to populate the user profile property 'Picture' with data from a BDC connection. My column from the BDC contains urls but SharePoint will not allow me to map Picture to the column. I"m guessing this is because the property is expecting a strongly typed Url type. That doesn't help me though. So, has anyone successfully mapped the Picture property to a field from a BDC connection. (-SN: I know the field can be mapped to AD but I need it mapped to a BDC) Thanks in advance.

User Profile Service - "The specified user or domain group was not found"

Hi there, I had configured the User Profile Service and all was working well (Syncing with AD etc.). However, something has gone wrong. The services still appear to be running; both Forefront Identity Manager services are running, and the services show as 'Started' in Central Administration. The 'My Profile' and 'My Site' options have disappeared though, and browsing to the My Sites page results in an error (Could not load user profile). To make matters much worse, it seems to have also broken the Central Administration site. If I try and go to 'Manage Service Applications' I get another error (The specified user or domain group was not found). This error seems to come up on around half of the pages on the Central Administration site. Looking up the error (abb6b174-0f71-413a-a27a-41cdc87b66d0) in the logs I find this: 09/06/2010 15:35:45.44  w3wp.exe (0x0868)                        0x06A0 SharePoint Portal Server       User Profiles                  cm6y High     User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileA

Permissions for Profile Field Export to Active Directory

I have a service account which is currently configured with the following permissions in the root of the domain: Allow Replicate Directory Changes Allow Write Mobile Number Allow Write Fax Number Allow Write thunbmailPhoto Do I need to assign the Allow Read permission in additon to this for FIM to be able to export to these three properties, and do I need any other permissions to be assigned?Richard Green, MCSE Windows Server 2003

User Profile Synchronization: Name of user account / id uses wrong Netbios domain name?!

I've got an interesting situation: I've got a domain e.g. FOOBAR.FI. The Netbios domain is due to historical reasons BARFOO. When I use UPS to import accounts from the FOOBAR.FI domain, the user account names in SharePoint are given the id of FOOBAR\<useraccount>. This works so and so. Users are identified and My Sites is fine. However the organizational chart and other fields where you can specify another user don't work as they should. If the manager is specified from AD, the organizational chart works. However, if I edit a profile and check the manager, it's in the form of FOOBAR\<useraccount>. SharePoint highlights this and a tooltip says that the account cannot be found. As a suggestion, it gives BARFOO\<useraccount>, which is found from the AD. All fine and dandy, until you check the organizational chart, which turns out to be empty at this point. This is because in SharePoint there's no user with the name BARFOO\<useraccount>, but only those FOOBAR\<useraccount> users who've been imported from the AD. So bottom line question is: How does UPS select and set the user account name?

how to import user Profile Picture already stored in AD as thumbnailphoto or jpegphoto


We already store out photos in AD using both the thumbnailsphoto and jpegphoto properties. Outlook2010 shows the user profile correctly. Now we want to sync sharepoint 2010 with AD and retreive the photo. I currenrlt have it setup as mentioned in this MSDN post to Export.


Is it odd that the thumbnailphoto and jpeg photo have been in AD since at least 2007( I think they were even in 2003 schema) but that this user profile syncing to those two atributes isn't the default behavour? Outlook 2010 used those photos instantly, yet sharepoint can't out of the box?


I've opened a Case with MS about this. I'll post findings here.

**Edit 2**

Also the previous method used in Moss 2007 doesn't work wither. Setting the URL to the photo in an AD ExtensionAttribute1 and having sharepoint import it.

Active Directory User validation field in ASP.NET


I like to add a field that add active directory user in ASP.NET Web Application .




Thanks in Advance



Active Directory - User Deletion - Sync with MOSS 2007


Greetings -

I need to know if there is a sync tool that can scan all sites in a site directory and remove users that have been deleted or marked inactive within Active Directory?  I work in a company which has freaquent turn over in some positions due to internships and the like and I want to ensure that we have clean site permissions. 

Thank you for any suggested sites or addins. 


How do we create new User Profile Synchronization connection so that we can import profiles from AD

We have a requirement to authenticate users against Active Directory LDS in our SP 2010 farm and also import their profiles in user profile store. We are able to setup FBA using AD membership provider to authenticate against AD LDS.

I am interested in importing the users in AD LDS to SharePoint user profile store. 

When I try to create a new connection the options that I am provided are 
1. Active Directory
2. Active Directory Logon Data
3. Active Directory Resource.
4.SunOne (LDAP) 5.2
5.Novell eDirectory (LDAP) 8.7.3
6.IBM Tivoli (LDAP) 6.2

If I select any of the options 1/2/3 I am asked to provide Forest Name and Domain Controller name. Since this is AD LDS there is no Forest or Domain Controller. It’s just a generic LDAP server.  

So the question I am struggling with  is: what are the steps required to create a User Profile Synchronization connection to import users from AD LDS and not from AD DS? 

We are not able to find any information how to do that in SP2010… From other blog entries I am assuming it was supported and documented for MOSS2007.

There is NO “LDAP Directory” connection type in SP2010.

I am wondering if this is supported in SP2010.


Can I pass a user's active directory group as a parameter to reporting services?


Hi there,

I am wondering if I can pass a user's active directory group as a parameter to reporting services? If so, how can I do that (e.g. where can I get that group from?)?

Is there something as User.UserID for active directory groups?

Many Thanks and best wishes



User Profile working, but domain in the Account Name field is incorrect


Profile import is working with a small set of users from just one OU. The synchronization connection has a Forest Name of "corp.mycompany.com", just like in our current profile settings in MOSS 07.

However, the user profiles created are listed with "corp" as the domain, not "mycompany".

E.g. my profile Account Name shows "corp\eriehl", but it should be "mycompany\eriehl".

How do I update this reserved property to contain the correct value for our domain?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend