none
User Profile Service sync with AD RRS feed

  • Question

  • Question: How can I obtain the SID of a user account from the User Profile Service?
    Question: How can I create a mapping to a multi-string AD field using the User Profile Service?

    I'm using SharePoint On-Prem 2019 and have setup the User Profile Service to sync with AD. Everything is working as expected but I have two issues.

    The SharePoint SID field is supposed to sync with the objectSid field of AD. The SID field appears to be blank though. Why is this? I decided to create my own field and map it to objectSid instead, but again the field remained blank. Why is this? Why isn't the mapping made? It's almost like the User Profile Service blocks this mapping? I've no idea why though, as the SIDs are easily retrieved when I use PowerShell so I don't see why it should be a big deal with UPS.

    Additionally, I'm trying to also create a mapping to an AD field called departmentNumber. This isn't working either. The field is a multi-valued string. Do I have to deal with this field in a different way? All my other mappings are to AD fields that are single strings and they work fine.

    I've searched the internet for days but can find nothing which would help me solve either issue. :-(

    Tuesday, April 23, 2019 2:32 PM

Answers

  • Hi,

    Have you configured Managed Metadata service application?

    If not, you need to create a Managed Metadata Service Application and tick “This service application is the default storage location for Keywords.”.

    Reference: There was a problem retrieving data for this field – SharePoint 2013

    Best regards,

    Grace Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, April 25, 2019 8:21 AM

All replies

  • can you please try the below blogs

    https://docs.microsoft.com/en-us/sharepoint/administration/configure-profile-synchronization-by-using-sharepoint-active-directory-import

    This is to be expected. the SPUser.Sid property is no longer populated when you move to Claims. You'll just need to trim the SystemUserKey to remove the claims identifier.

    https://social.technet.microsoft.com/Forums/en-US/699b3e43-2065-4043-82e5-65fe07fb2a27/user-profile-sync-not-updating-sid?forum=sharepointgeneral

    For multivalue sync, pls try the following

    https://techcommunity.microsoft.com/t5/SharePoint-Developer/Sync-Custom-Active-Directory-Attributes-with-SharePoint-Online/td-p/30663


    Please remember to click Mark as Answer on the answer if it helps you

    Tuesday, April 23, 2019 5:06 PM
  • Hi,

    For the first question, you can check the Lakshmanan’s reply.

    For the second question, to map a multi-value field in AD, you need to create a new user property with multi value string via user profile service application and map the AD field.

    Best regards,

    Grace Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, April 24, 2019 7:48 AM
  • Thanks for your reply. I have already read the first blog which I used to successfully configure the User Profile Service. However, I don't understand the reference to "SystemUserKey". What is that? I don't see it listed as a property in the User Profile Service and it's not an AD field either. How do I reference it?

    Are you saying I should create a property in the User Profile Service, e.g. UserSID and then map the attribute SystemUserKey to it? Confused.

    Also, if I create a property like UserSID and map it to the AD field objectSid, why doesn't that work? What was Microsft's rationale in preventing that mapping from taking place? Moreover, why did they stop objectSid from automatically mapping to the SID property? I guess there must have been a really good reason, but from a useability perspective, it's really annoying.

    Wednesday, April 24, 2019 8:33 AM
  • Thanks for your reply. This is the mapping I've created in the User Profile Service:

    Property Name : CostCentre

    Property Type : string (Multi Value)

    Mapped Attribute : departmentNumber (from AD)

    If I use ADSI Edit, it shows that the AD field departmentNumber has a value of "080" for my account.

    However, my UPS field "Cost Centre" remains blank, and I see this error message when viewing my SharePoint profile:

    Wednesday, April 24, 2019 8:48 AM
  • Hi,

    Have you configured Managed Metadata service application?

    If not, you need to create a Managed Metadata Service Application and tick “This service application is the default storage location for Keywords.”.

    Reference: There was a problem retrieving data for this field – SharePoint 2013

    Best regards,

    Grace Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, April 25, 2019 8:21 AM
  • Hi Grace,

    I did have a configured Managed Metadata Service application, but there appeared to be a problem with it which only became apparent when I tried to view the properties of it. I followed the instructions in another link and was able to resolve the issue, so I no longer get any "there was a problem retrieving data" error messages. After doing a full-sync, my multi-line UPS field is now synching with the multi-line AD field. Great! Thanks for help on that.

    The question about obtaining the user SID is still an issue however. I still don't really understand how to deal with that or how I make use of "SystemUserKey" to get that information? I use InfoPath to obtain data from the User Profile Service (using a SOAP GetUserProfileByName datasource). Do you have any further clarification to offer regarding "SystemUserKey" and how to reference the data held within it? Thank you.

    Thursday, April 25, 2019 1:13 PM