SharePoint offers different methods by which we can synchronize the User profiles with Active Directory. SharePoint Profile Synchronization and Active Directory Import are the two primary methods by which we can implement Profile Synchronization. When we set up the SharePoint farm we can chose to run an instance of the Synchronization service in one of the server which is called the Synchronization Server. We can specify the server while creating the User Profile Service Application and SharePoint will create an instance of the Forefront Identity Manager in the synchronization Server.
What are we going to do?
Once the Synchronization Service is up and running as per the schedule, the synchronization between the Active Directory and SharePoint will take place. However, the administrators will be on the blind side if they don’t know how to monitor the profile updates that have taken place. In this article we will see how to monitor the profile synchronizations that take place between Active Directory and SharePoint using ForeFront Identity Manager Client.
ForeFront Identity Manager Client
ForeFront Identity Manager client is provided by Microsoft to monitor the User Profile Synchronization that takes place in the Synchronization Server. It is located at the below location as “miisclient” application :
C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\
Whenever the User Profile Synchronization happens, it monitors the process and provides us with the number of User profile Adds/Deletes/Updates/Renames that has occurred as shown below:
Start the ForeFront Identity Manager Client
Once we are in the ForeFront Identity Manager Client location, double click the miisclient application which should ideally open up the Identity manager Client. However at times we may get the below error :
This happens mainly because the services that are required for ForeFront Identity Manager are not running in the Server. Heading over to Services.msc we can verify whether the 2 ForeFront Identity Manager Services are running.
Though we can try to run the disabled services from the above location, let’s not do that. We will go to SharePoint Central Administration -> Manage Services on Server.
Here, check if the User Profile Synchronization Service is started.
If it stopped click on Start to enable the service. Specify the password of the account used to start the service and click on OK.
Prior to running the profile synchronization service we have to make sure,
- User Profile Service Application is created and running
- My Site is created and associated with the User Profile Service
- The Farm account that would be running the SharePoint Timer Service is added to the Local Administrators group before provisioning the User Profile Synchronization Service. As a best practice, we can remove the farm account from the Administrators group once the Service has completed provisioning.
The User Profile Synchronization Service is now started.
Heading over to the Services.msc window, we can now see that both the Forefront Identity Manager Services are running.
The ForeFront Identity manager will now start without any issues.
The synchronization Service Manager will look as below,
Start Monitoring Profile Synchronization
Once the User Profile Synchronization Service is started and the ForeFront Identity Manager is started, we can start the Profile Synchronization from the User Profile Service Application.
If the profile synchronization is happening for the first time, we can run a Full Synchronization else we can go with the incremental synchronization.
Upon clicking on OK, we can see a new entry by the name MOSS-UserProfile in the ForeFront Identity Manager Client with status as “in-progress” as shown below:
Once the status changes to succeeded, we can see the Synchronization Statistics in the bottom portion of the window. Since it is a full synchronization, all the users have been added to SharePoint.
Clicking on the count will give us the details of the synced users.
Synchronize and Monitor a new User Addition in Active Directory
Earlier we did a full synchronization and monitored it using the Identity Client Manger. Now let’s add a new user to the Active Directory and run an Incremental Synchronization and see how the update takes place using ForeFront Identity Manager Client. In the AD we will be adding the user “FIMTestUser”
The active directory controller is in a different server other than the Synchronization Server. Once the user is created, we will run the Synchronization Service in the Synchronization Server.
In the Synchronization Server, From Manage Service Applications -> User Profile Services Application Select Start Profile Synchronization. Chose to run an Incremental Synchronization this time.
The Synchronization Service Manager will capture the synchronization process.
Once completed, we can see that there is only one new Addition which has come up in the “Adds” row.
Clicking on the count will take us to the newly added user profile.
We can also see the summary of the synchronization process by clicking on the Profile Synchronization Status in the User profile Service Application.
Delete a User in AD and Monitor the Synchronization Process
Now let’s remove the “FIMTestUser” from the AD and see how the synchronization process will happen using FIM Client. From the Active Directory users, select FIMTestUser and delete it.
Go to the Synchronization Server and run an incremental synchronization.
This time, FIM Client has detected that there Is only one modification to the user profiles which is due to the deletion of the “FIMTestUser”.
Clicking in the count will give us the details of the deleted user.
Summary
Thus, we saw how to monitor the User Profile Synchronization Service using ForeFront Identity Manager Client in the Synchronization Server.