Introduction
SharePoint offers different methods by which we can synchronize the User profiles with Active Directory. SharePoint Profile Synchronization and Active Directory Import are the two primary methods by which we can implement Profile Synchronization. When we set up the SharePoint farm we can chose to run an instance of the Synchronization service in one of the server which is called the Synchronization Server. We can specify the server while creating the User Profile Service Application and SharePoint will create an instance of the Forefront Identity Manager in the synchronization Server.
Configure and Start User Profile Service and FIM Service
First and Foremost we have to ensure that the User Profile Service Application is already created in the SharePoint Farm. User Profile Service is the primary service application that is responsible for the synchronization of user profiles with the Active Directory.
![]()
Once we have ensured that the Service Application is created we will also have to go to the ‘Manage Services on Server’ in Central Administration and see it is in started state.
![]()
Once the User Profile Service Application has been configured, ensure that the Forefront Identity Manager Service is running by going to Services.msc
![]()
Configure Synchronization Connection
Once the above prerequisites are in place we can create the synchronization connection with the Active Directory and use FIM based SharePoint Profile Synchronization to synchronize the user profiles. In order to do that go to the User Profile Service Application and select ‘Configure Synchronization Connections’ from ‘Synchronization’ tab.
![]()
By default there are no connections in place. Click on ‘Create New Connection’ to create a new one.
![]()
This will open up the page where we can specify the Connection Name, Type and Connection Settings.
![]()
Specify the Connection Type as Active Directory and in Forest Name specify the Active Directory Domain Controller. Also mention the Active Directory administrator User Name and Password that will be used to connect to the AD.
![]()
At the bottom of the page we have the Containers present in the Active Directory. Click on ‘Populate Containers’ to connect to the AD and retrieve the objects.
![]()
Thus the hierarchy of object has been retrieved from the Active Directory. Since we are more interested in synchronizing the users, select the ‘Users’ Object in the list box.
![]()
Click on OK which will start the creation of the Synchronization Connection with the Active Directory.
![]()
Going back to the Synchronization Connections page we can see the newly created connection with the Active Directory.
![]()
Synchronization Settings
The synchronization of user profiles are handled by SharePoint Timer jobs. We can manage them by going to the ‘Configure Synchronization Timer Job’ section.
![]()
Here we can schedule the time at which the timer job will run the synchronization service. Ideally set this to the non-peak hours so that it does not put much load on the server.
![]()
Toward the left of the User Profile Service Application page, we can see the details of the last synchronization job and the count of user profiles synchronized. Currently it is set as 15 and towards the bottom we can see the synchronization status as idle.
![]()
Before running the Synchronization job, we have to go to the ‘Configure Synchronization Settings’ page and set the synchronization options.
![]()
Select ‘User SharePoint Profile Synchronization’ option to leverage the full SharePoint Profile Synchronization feature.
![]()
Now let’s try to perform a user profile synchronization manually without waiting for the timer job to perform the synchronization. Click on Start Profile Synchronization.
![]()
We can either do an incremental or full synchronization. Incremental synchronization will only perform the updates or changes that occurred after the last user profile synchronization. While a Full Synchronization will perform a full user profile synchronization and updates every user profile properties.
![]()
We can now see that the status of the Profile Synchronization has changed to ‘SharePoint Server Export’.
![]()
After some time, the status goes to idle indicating the completion of the synchronization. Looking at the User Profile Properties synced we can see that it has increased to 16 indicating a successful user profile Synchronization.
![]()
Clicking on the ‘Idle’ status will open up the detailed log file which contains the statistics of the synchronization job.
![]()
Summary
Thus we saw how to configure profile synchronization connection and start a User Profile Synchronization job between SharePoint and Active Directory.