.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Permissions for Profile Field Export to Active Directory

Posted By:      Posted Date: September 08, 2010    Points: 0   Category :SharePoint
I have a service account which is currently configured with the following permissions in the root of the domain: Allow Replicate Directory Changes Allow Write Mobile Number Allow Write Fax Number Allow Write thunbmailPhoto Do I need to assign the Allow Read permission in additon to this for FIM to be able to export to these three properties, and do I need any other permissions to be assigned?Richard Green, MCSE Windows Server 2003

View Complete Post

More Related Resource Links

Import user profile from another domain active directory

Hi, I have SharePoint 2010 running on DomainB andwe have corporate users on DomainA. i need to import users from both domainA and DomainB. I am able to import users from domainB and not able to import users from DomainA. I made a successful connection to both Domain A Ad and DomainB AD in SharePoint 2010 user profile synchronize connections. I am able to sync users only from DomainB (SharePoint 2010 running on domainB) and not able to synchronize profiles from DomainA (outside domain). Is there any additional configuration I need to do. Please help me on this issue. Thanks, Ratna

Unable to see Active Directory Groups in the User Profile Database after Profile Import

SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup: AD/DNS SQL 2008 WFE APP Claims Mode Web App only using Windows Integrated Auth So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article: InfoPath - User Roles in Browser-Enabled Forms Using AD Groups.  I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all.  Typically, the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though). My user profile sync is working.  All AD users are pulled in with the proper profile data. "Users and Groups" is selected in the Synchronization Entities section of my Sync Settings. Security groups are working for permissions and audience targeting.  Confirmed my users are affected properly by the use of Security Groups. My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites. The GetUserProfileByName method of the same UserProfileService.asmx web service returns all the regular profile data

Is there a way to undo/remove/delete an active directory user profile syncronization? [SP 2010]


I successfully managed to synchronize the active directory with Sharepoint 2010.  Unfortunately, the farm I was on has different FQDN /Netbios domain names.  So all ~1000 user profiles are now imported with the wrong domain, and the subsequent errors one would expect.


Is there a way to get back to a blank slate?  technet has an article on "resetting" profile synchronization (http://technet.microsoft.com/en-us/library/ff681014.aspx), but that requires being able to verify the GUID of the user profile synchronization database, which I am also unaware of how to do.


Please help, and thank you in advance.

Active Directory User validation field in ASP.NET


I like to add a field that add active directory user in ASP.NET Web Application .




Thanks in Advance



Accessing Active Directory's User Profile Information in InfoPath Form



I want the User Profile information in InfoPath Form from active directory and I want complete information of currently logged in user which include:

User Name, First Name, Last Name, Email Address, Designation, Company, Manager Name and everything which is in the profile of user in Active Directory. Please help me in getting this.


M Kamran Rafi

Configuring Profile Image Export in SharePoint 2010

It's no secret that I am thrilled with the new social features of SharePoint 2010. I am most excited about the new Profile Picture handling. I strongly believe that the more we can show the faces of our colleagues to one another the more connected we will feel. Clearly Microsoft feels that way as witnessed by the many features that make use of the Profile Image like the Activity Feed and Colleagues list

How to set SearchRoot Path in Active Directory in this scenario


How to set SearchRoot Path in Active Directory in this scenario:

Functionality: We have scenario that 1<sup>st</sup> hit one LDAP server with some 'fixed user name' &' fixed password ' and filter data with specific User name(which given by user) getting 'User dn'.

After that we hit Next LDAP server based on the 'User dn' getting from 1<sup>st</sup> server.

(So, in my case 1<sup>st</sup> LDAP server works like as Load balancing server but functionalitywise it is different)


active directory exception unusual behaviour


i have a small problem
i want user names from active directory for an auto completer type of service
the method is always throwing an exception 
"searcher.FindAll()' threw an exception of type 'System.DirectoryServices.DirectoryServicesCOMException' System.DirectoryServices.SearchResultCollection 

Active Directory and .NET: paging the search result

Hi everybody!

I have a question about Active Directory in .NET
For my project I need to fetch results from Active Directory search page by page, because later I would need to bind it to the pageable DataGrid.

I tried to use .NET library DirectoryServices for that, but paging provided by this library is transparent to the user and is used only to increase the efficiency of searching, when results are too big. I.e. I cannot tell the DirectorySearcher to give me first page, then the next or previous page, it returns me all resulting pages in one bundle.

However, what I need is to explicitely get page after page directly from the AD searcher and to be able to go at least one page forward or backward.

The solution with copying all results to the DataBase and then do the paging is not accepeted by the clent, since it is too inefficient. And since it's a Web app, I cannot keep results in memory either.

I found some hints about COM Interface, but I could not find good and detailed examples or explanations. I aslo found this line of code: DirectoryServices.Interop.IDirectorySearch.ExecuteSearch(), but I don't know which libraries should i add to be able to compile this code.

If somebody could help me out with that problem, any suggestion is welcome, 'cause this issue is eating me alive :)

Thank you!

Error on Display user's fullname using Active Directory in asp.net using vb.net



wi As System.Security.Principal.WindowsIdentity =  _System.Security.Principal.WindowsIdentity.GetCurrent()



Dim a As String() = HttpContext.Current.User.

Getting list of users reporting from specific Manager from Active Directory


Dear All,

I am have requirement like displaying all the user information reporting to specific manager from Active Directory.

Please help me regarding this.



List Users from Active Directory


When i try to List the users from Active directory, i get this exception.

Error while processing.System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll()

The code i used is :

DirectoryEntry de = new DirectoryEntry(_path);DirectorySearcher deSearch = new DirectorySearcher();

deSearch.SearchRoot =de;

deSearch.Filter = "(&(objectClass=user) (cn=" + UserName +"))";

SearchResultCollection results = deSearch.FindAll();

 But the DirectoyEntry method is getting validated if i use the overloaded method : DirectoryEntry(_path, domainAndUsername, password);

Please advice me.

AD FS 2.0 in Identity Solutions: Using Active Directory Federation Services 2.0 in Identity Solution


This article explains how you can use Active Directory Federation Services (AD FS) 2.0 to claims-enable Windows Communication Foundation (WCF) services and browser-based applications. The focus is on the token issuance functionality in AD FS 2.0. You'll find out how to use AD FS 2.0 as an identity provider; set up an AD FS 2.0 security token service (STS) to interact with WCF; federate AD FS 2.0 with your custom STS or another AD FS 2.0; enable Web single sign-on and federation with WS-Federation and SAML 2.0 protocols; and externalize authentication logic through Visual Studio. You'll come away appreciating how AD FS 2.0 and Windows Identity Foundation make programming identity solutions in Windows less of a chore.

Zulfiqar Ahmed

MSDN Magazine November 2009

Security Briefs: Active Directory Cache Dependencies


If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.

Keith Brown

MSDN Magazine July 2007

Single Sign-On: A Developer's Introduction To Active Directory Federation Services


Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly.

Keith Brown

MSDN Magazine November 2006

Got Directory Services?: New Ways to Manage Active Directory using the .NET Framework 2.0


System.DirectoryServices is a managed code layer on top of Active Directory Service Interfaces, and you can employ it to better manage Active Directory from your code. Here Ethan Wilansky helps you get started.

Ethan Wilansky

MSDN Magazine December 2005

Active Directory and ASP.net VB




Real newbie question :-)


I currently get the current logged on user info from AD by using :

Label1.Text = Page.User.Identity.Name.ToString
However now I need to get the following :
Label2 = (this must show the current logged on user's email address)
Label3 = (this must show the current user's manager)

any help would be appreciated

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend