Select the User Profile Service and click the Manage button on the ribbon. You should see the screen just like the one below.
Default User
Profile Service configuration window after being created
Select Configure
Synchronization Connections in the Synchronization section. Now
click the Create new Connection option, if you see the
pop-up window In that case go back to Manage Services on Server and wait until the service starts.
Pop-Up window when
attempting to create the UPS synchronization connection
In the Add New
Synchronization connection window, we will need to fill-in several fields.
In the Connection Name
field enter a descriptive name of your connection, such as AD Synchronization.
In the Forest name field
enter the FQDN name of your domain (in my example: ad.local). Leave
the Auto discover domain controller option selected.
In the Account name, Password,
Confirm Password,enter credentials for the synchronization account
(sps_ups_sync).
User Profile
Synchronization Connection configuration
Now click the Populate
Containers button and select your AD organizational units you would like to
import. I’ve selected NetPro and Users OU’s where I usually store
all my users.
User Profile
Synchronization Connection – AD Container selection
Click OK and after a
while you should see your newly created connection listed. We can add
additional properties now, to tell the UPS Service that we do not want to import
AD accounts that are disabled. In my experience this is often requested by clients, so I propose
to make it a default for your setups.
Scroll over your connection name
and expand the menu using the black arrow on the right, then select Edit
Connection Filters option.
Edit Connection
Filters option under Synchronization connection name
Right now we need to add
exclusion filter for users that are disabled. You need to choose userAccountControl
attribute with Bit on equals operator with filter value 2.
See the screenshot below for the exact config you should perform.
Exclusion
configuration that would prevent importing disabled user accounts
Click the Add button – you
should see your newly created filter listed now. Click the OK button and
go back to the User Profile Service settings window.
Default User
Profile Service configuration window after being created
Select Configure
Synchronization Connections in the Synchronization section. Now
click the Create new Connection option, if you see the
pop-up window In that case go back to Manage Services on Server and wait until the service starts.
Pop-Up window when
attempting to create the UPS synchronization connection
In the Add New
Synchronization connection window, we will need to fill-in several fields.
In the Connection Name
field enter a descriptive name of your connection, such as AD Synchronization.
In the Forest name field
enter the FQDN name of your domain (in my example: ad.local). Leave
the Auto discover domain controller option selected.
In the Account name, Password,
Confirm Password,enter credentials for the synchronization account
(sps_ups_sync).
User Profile
Synchronization Connection configuration
Now click the Populate
Containers button and select your AD organizational units you would like to
import. I’ve selected NetPro and Users OU’s where I usually store
all my users.
User Profile
Synchronization Connection – AD Container selection
Click OK and after a
while you should see your newly created connection listed. We can add
additional properties now, to tell the UPS Service that we do not want to import
AD accounts that are disabled. In my experience this is often requested by clients, so I propose
to make it a default for your setups.
Scroll over your connection name
and expand the menu using the black arrow on the right, then select Edit
Connection Filters option.
Edit Connection
Filters option under Synchronization connection name
Right now we need to add
exclusion filter for users that are disabled. You need to choose userAccountControl
attribute with Bit on equals operator with filter value 2.
See the screenshot below for the exact config you should perform.
Exclusion
configuration that would prevent importing disabled user accounts
Click the Add button – you
should see your newly created filter listed now. Click the OK button and
go back to the User Profile Service settings window.
No comments:
Post a Comment