I have been working to get some of the MySite properties exported to Active Directory (such as thumbnailphoto).
Today, I created a new domain service account (sa-sharepointadds) and granted it the nesecarry permissions on the domain.
In SP, I configured the User Profile Sync to connect to the domain and do a full sync (import only at this time) which completed correctly.
I then enabled exporting a couple of profile properties and started another sync. I saw in the Application Event Log that an error occured, so I used the FIM Sync Service Manager application to view the steps and the errors.
I saw that the sync was running with my sa-sharepoint service account which is the Farm account and not the sync account sa-sharepointadds, and that a permission error occured because this account has no rights to modify Active Directory.
I went into the User Profile Sync Connection and verified the correct account was in use and it was. I then went to Security > Configure Service Accounts and saw that I needed to change the service account for the User Sync service. I changed it to the
I went back to User Profile Sync, however my connection had disappeared. I tried to create a new connection and got the error that a sync is already in progress and that I cannot make changes until it finishes. I knew that nothing was currently running,
so I did an iis
View Complete Post