.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Unable to see Active Directory Groups in the User Profile Database after Profile Import

Posted By:      Posted Date: September 18, 2010    Points: 0   Category :SharePoint
SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup: AD/DNS SQL 2008 WFE APP Claims Mode Web App only using Windows Integrated Auth So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article: InfoPath - User Roles in Browser-Enabled Forms Using AD Groups.  I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all.  Typically, the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though). My user profile sync is working.  All AD users are pulled in with the proper profile data. "Users and Groups" is selected in the Synchronization Entities section of my Sync Settings. Security groups are working for permissions and audience targeting.  Confirmed my users are affected properly by the use of Security Groups. My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites. The GetUserProfileByName method of the same UserProfileService.asmx web service returns all the regular profile data

View Complete Post

More Related Resource Links

Import user profile from another domain active directory

Hi, I have SharePoint 2010 running on DomainB andwe have corporate users on DomainA. i need to import users from both domainA and DomainB. I am able to import users from domainB and not able to import users from DomainA. I made a successful connection to both Domain A Ad and DomainB AD in SharePoint 2010 user profile synchronize connections. I am able to sync users only from DomainB (SharePoint 2010 running on domainB) and not able to synchronize profiles from DomainA (outside domain). Is there any additional configuration I need to do. Please help me on this issue. Thanks, Ratna

Is there a way to undo/remove/delete an active directory user profile syncronization? [SP 2010]


I successfully managed to synchronize the active directory with Sharepoint 2010.  Unfortunately, the farm I was on has different FQDN /Netbios domain names.  So all ~1000 user profiles are now imported with the wrong domain, and the subsequent errors one would expect.


Is there a way to get back to a blank slate?  technet has an article on "resetting" profile synchronization (http://technet.microsoft.com/en-us/library/ff681014.aspx), but that requires being able to verify the GUID of the user profile synchronization database, which I am also unaware of how to do.


Please help, and thank you in advance.

Accessing Active Directory's User Profile Information in InfoPath Form



I want the User Profile information in InfoPath Form from active directory and I want complete information of currently logged in user which include:

User Name, First Name, Last Name, Email Address, Designation, Company, Manager Name and everything which is in the profile of user in Active Directory. Please help me in getting this.


M Kamran Rafi

Unable to start user profile synchronization service

Hello, I have the following problem. user profile synchronization service doesn't start up, with the following error in log: The service encryption keys could not be found. User Action Verify that the service account has permissions to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service If the problem persists, run setup and restore the encryption keys from backup. Permissions for registry are availabele. Thank you.    

BDC Import for user profile picture

I am attempting to populate the user profile property 'Picture' with data from a BDC connection. My column from the BDC contains urls but SharePoint will not allow me to map Picture to the column. I"m guessing this is because the property is expecting a strongly typed Url type. That doesn't help me though. So, has anyone successfully mapped the Picture property to a field from a BDC connection. (-SN: I know the field can be mapped to AD but I need it mapped to a BDC) Thanks in advance.

Permissions for Profile Field Export to Active Directory

I have a service account which is currently configured with the following permissions in the root of the domain: Allow Replicate Directory Changes Allow Write Mobile Number Allow Write Fax Number Allow Write thunbmailPhoto Do I need to assign the Allow Read permission in additon to this for FIM to be able to export to these three properties, and do I need any other permissions to be assigned?Richard Green, MCSE Windows Server 2003

User Profile Service not returning security groups


I just got the User Profile Service working, and tried using GetCommonMemberships but I am only getting Distro lists and Sharepoint groups.  No security groups (Domain Local, Global, Universal) are showing up.

I did come across one post where someone was not running in Native mode AD, its possible since I *JUST* ADPrepped and added a 2008 DC today that I'm back in a mixed mode and that is the problem...?  Seems weird tho.   Just checked on the new 2008 DC it says Windows 2003 mode or something along those lines

Sharepoint itself is able to see and use the security groups.  If I change permissions on a List or library, I am able to select security groups.  It seems specific to the User Profile Service.

A little more looking... it seems that DL's show up, and Universal security groups show up.  Domain Local and Domain Global security groups do not.




how to import user Profile Picture already stored in AD as thumbnailphoto or jpegphoto


We already store out photos in AD using both the thumbnailsphoto and jpegphoto properties. Outlook2010 shows the user profile correctly. Now we want to sync sharepoint 2010 with AD and retreive the photo. I currenrlt have it setup as mentioned in this MSDN post to Export.


Is it odd that the thumbnailphoto and jpeg photo have been in AD since at least 2007( I think they were even in 2003 schema) but that this user profile syncing to those two atributes isn't the default behavour? Outlook 2010 used those photos instantly, yet sharepoint can't out of the box?


I've opened a Case with MS about this. I'll post findings here.

**Edit 2**

Also the previous method used in Moss 2007 doesn't work wither. Setting the URL to the photo in an AD ExtensionAttribute1 and having sharepoint import it.

Unable to Edit & Update user Profile Information

I Have a sharepoint Site.. I am trying to configure alter in the site..But Email ID are not available bel for all the users..I tried to Update the user Profile info by clicking the edit Item button in the user profile information.But it is not showing any editable content...It is just showing user NTlogin?This site is not connected to active directory.. We are adding users manually..How to update user details?

How do we create new User Profile Synchronization connection so that we can import profiles from AD

We have a requirement to authenticate users against Active Directory LDS in our SP 2010 farm and also import their profiles in user profile store. We are able to setup FBA using AD membership provider to authenticate against AD LDS.

I am interested in importing the users in AD LDS to SharePoint user profile store. 

When I try to create a new connection the options that I am provided are 
1. Active Directory
2. Active Directory Logon Data
3. Active Directory Resource.
4.SunOne (LDAP) 5.2
5.Novell eDirectory (LDAP) 8.7.3
6.IBM Tivoli (LDAP) 6.2

If I select any of the options 1/2/3 I am asked to provide Forest Name and Domain Controller name. Since this is AD LDS there is no Forest or Domain Controller. It’s just a generic LDAP server.  

So the question I am struggling with  is: what are the steps required to create a User Profile Synchronization connection to import users from AD LDS and not from AD DS? 

We are not able to find any information how to do that in SP2010… From other blog entries I am assuming it was supported and documented for MOSS2007.

There is NO “LDAP Directory” connection type in SP2010.

I am wondering if this is supported in SP2010.


Need Clarifications on SharePoint 2010 User Profile properties and Sync database security


Need few clarifications on SharePoint 2010 user profile sync. I’ve answered some of them but need confirmation/clarity on this front.

  1. Is there option to disable ‘email address’ import from AD?
    Yes. Can disable that property mapping.
  2. Possible to send mails (user alerts) from SharePoint without the user profile property ‘email address’ mapped?
    Yes. User alert mails from SharePoint will work without ‘email address’ mapped in user profile DB.
  3. In case email address too is imported into SharePoint, can we bulk export them from SharePoint? If Yes, how to security harden that database?
    Not Sure. I believe Farm admin account/sync account has access to do this profile DB.

 Thanks in advance for your advice.<

Profile import does not update People and Groups


I've come across an odd issue which hopefully you can help with.

I have around 12000 objects in my AD domain which have been imported fin usig the profile import schedule.

If for example an attribute is changed for a user, say job title or department it does not seem to be updated within the people and groups page of site settings.

However if I perform a people search or check the profile in CA then it's updated fine???

Should the profile import / update process also update the attributes in People & groups or this a one off snapshot taken when the user is added to a specifi site or group???

Many Thanks


User Profile Import using ADFS 2.0



I've set up a lab environment with SharePoint 2010 using ADFS 2.0 as identity provider. Thanks to harbar's highly recommended blog everything works fine (though it took me some time ;-)).

My next goal is to configure User Profile Import. I've read Mark van Eijk's very helpful post and the thread on this forum. But still keep wondering how to configure this. My problem is that in the Edit synchroniztation connection dialog (section Connection Settings) there is no Authentication Provider Instance available after I chose Trusted Claims Provider Authentication. Any hint what's going wrong is very appreciated.

I've tried this as pre-step for my actual goal: I have some users from another domain who will log on my sharepoint. These users are organized in a foreign domain and there is no trust between "my" domain and the users' domain. I need to import the user profiles of these external users though. I had in mind to do this by using the ADFS claims as source for the user profile synchronization app

Restoring a content database from another server/AD does not synch user profile information for new


In my SharePoint 2010 beta environment, I have user profiles synching with Active Directory.  I just restored a content database from a separate environment/domain and logged in with my current account.  When I try to create an alert on a library/item, I get the error:

“You do not have an e-mail address.  Alert has been created successfully but you will not receive notifications until valid e-mail or mobile address has been provided in your profile.”

I went to My Profile and found that the My Profile had the right e-mail address (I guess because this is on my My Site Host).

But when I went to My Settings, it did not have any e-mail address for me (I guess this is because it is at the WSS content database level and the e-mail address hasn’t yet synched from the user profile database).

Does anyone the timer job that synchs the user profile with the My Settings for a site collection in a content database?

Issue is posted to my blog with screenshots here:



User Not Found: Could not load profile data from the database



       i am trying to get the Department of a user , using the following code 

                objWeb = SPContext.Current.Web;

                strCurrentUser = objWeb.CurrentUser.Name;

                objList = objWeb.Lists["MyList"];

                SPSite _site = SPContext.Current.Site;


User not found. Could not load profile data from the database



We have our intranet on MOSS 2007. Some of the users (particularly those who have edited their account names in AD) are getting the above error when they try to 'Edit Details' from 'My Profile' in 'My Site'.

I am not sure how to resolve this issue. Can someone kindly help me please?



User Profile Synchronization - Creating AD Connection "Unable to process Create message"



I have the following error when I try to create a new synchronization connection:  "Unable to process Create message".  Microsoft reports this error as being due to a SUN LDAP error which does not make sense.  While we do have some SUN machines in our environment, I used an LDAP browser to confirm that the Windows AD LDAP  was returning information fine.  We are using a mixed Windows 2008 R2/Windows 2003 domain.

I've searched the internet for the solution and have tried all suggestions.  Have tried recreating the User Profile Service.  Have tried not using the wizard and set everything up manually according to the "Rational User Profile" blog.  Have done as much as I can think of.

Any help would be awesome and very appreciated.

The recurring errors in the Event Log are 3 errors:

FIMSynchronizationService Event 6303

Forefront Identity Manager Event 3 (occurs twice)





Here are the verbage for each error

FIMSynchronizationService Event 6303


The server encountered an unexpected error while performing an operation for the client.
 "BAIL: MMS(4228): parser.cpp(3182): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERA

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend