|This post discusses about User Profile Service Application changes in SharePoint 2013. One of the key change is better performance in Active Directory Profile Synchronization. It reduced the import time from up to 2 weeks down to 60 hours for extremely large organisations having 200K users. This has been tricky in earlier versions. Several optimizations are already been added in SharePoint 2010 like Adding indexes to certain user properties and importing data from BDC in batches.|
User Profile Import options in SharePoint 2013
You have the classic import Forefront Identity Management import option and you can also connect external system using BCS and import their data into UPS. New option available in SharePoint 2013 which is Direct Import from Active Directory which is designed to import the AD profile as quickly as possible.
Key Capabilities are
- Direct AD Forest Import (one connection per domain)
- You can specify OU’s , users and groups and LDAP filters for incremental imports
There are some limitations in AD import option
- Mapping to system SharePoint properties is not supported.
- Mapping two different AD attributes to the same SharePoint property is not supported
Filtering AD Import
Filtering uses a simple LDAP query when you create a Active Directory connection during the import as shown below
After a full import the UPA admin must purge the items that no longer belong in the profile database.
Set-SPProfileServiceApplication -Identity $upa – PurgeNonImportedObjects $true
Switching between FIM and AD Direct
There is no automatic migration from FIM to AD Direct or property mappings as FIM configuration connection is in the Sync DB and AD Direct connection in the Profile DB. So the option is Run a Full Import and use PurgeNonImportedObjects option if you want to remove the items that should not be there
User Profile Replication Engine(UPRE)
User Profile Replication Engine in SharePoint 2010 is a separate download and now it is coming as out of box feature. UPRE is a tool where we can replicate user profile information and some social information between multiple farms.
The below are the steps to for configuration of direct AD Import
Open user profile service application from SharePoint central admin and click configure synchronization settings
Select use SharePoint Active Directory Import option as shown above
Next step is to create a Synchronization Connection
give the desired values in the connection settings screen as shown below
specify the service account that you want to use to import the users from AD. After creating the synchronization connection then you start the profile synchronization from user profile service application main screen
At very first time you can choose the Start Full Synchronization option, you can see the results in User Profile Service Application main screen
The AD Direct import option is much more faster than earlier versions!