Monday, October 21, 2013

User Profile Service Application Displaying Wrong Domain for Users

This problem that happens there is that the NetBIOS name is different from the domain name. You must enable NetBIOS domain names on the corresponding User Profile service application.

The User Profile Service Application (UPA) property NetBIOSDomainNamesEnabled is used to control whether the CNC partition is included in the Active Directory Management Agent (AD MA) or not. By default it is false (not enabled) and the CNC and associated run steps are not included in the AD MA configuration. If it is enabled, then the CNC partition and run steps are included.

When editing a connection, the flag is ignored. If the CNC was included in the AD MA when it was created, then it will continue to be included in the AD MA. If the CNC was not included when the AD MA was created then it will never be included in the AD MA.   This is important as it means if this wasn’t enabled on the initial setup, you will be effectively deleting all users which had their SAMAccountNames formatted incorrectly.

To "enable" NetBIOS domain names once a connection is created requires the connection to be deleted and a new connection created with the flag turned on (set to 1 or true). Remember users which were imported with the flag turned off and later turn it on will delete all the users which had their SAMAccountNames incorrectly formatted due to the NetBIOS domain name being incorrect.

How To: Enable import of NetBIOS Domain Names

1. Grant Replicate Directory Changes permission on a domain using the 2010 SharePoint Management Shell:
     $UPA = Get-SPServiceApplication –Id

2. Grant Replicate Directory Changes permission on the cn=configuration container

3. Delete the existing connection and "Create New Connection" on "Synchronization Connections" page.

4. Perform a full new "Start Profile Synchronization"

5. Everyone’s SAMAccountName should now be using the correct netBIOS naming convention.

No comments:

Post a Comment