SharePoint – Active Directory Import – Do NOT map Claim Provider Identifier and Claim Provider Type
This is similar to a previous blog post I wrote. However, we’ve since found a few customers that have done something similar with Windows authentication. We’ve seen this a few times now. It seems to most commonly occur when Admins are setting up a new User Profile Service app using Active Directory Import (AD
SharePoint: The complete guide to user profile cleanup – Part 5 – 2019
As far as I know, nothing much has changed regarding profile cleanup in SharePoint 2019 as compared to SharePoint 2016. See that post: SharePoint: The complete guide to user profile cleanup – Part 4 – 2016. This is part 5 in a series. You can find other parts here: SharePoint: The
SharePoint: Troubleshooting guide for importing groups and managers with MIM
Update 9/16/19: Updated some PowerShell and wording to also apply to SharePoint 2019. I’ve had a few posts in the past explaining various problems with importing Active Directory (AD) groups and managers. However, this post is designed to be more of a troubleshooting guide that is applicable when using Microsoft Identity Manager (MIM) to Sync
SharePoint: Profile Sync with MIM – Managers and Group memberships are not updated
Update 9/16/19: It has come to my attention that at the time of this update (9/16/19), we have a similar problem with SharePoint 2019 as we did in early SP 2016 builds. To get the timer job to process the staged manager and group membership entries, you will likely need to set the “NoILMUsed” flag
SharePoint: FIM / MIM fails on Import with stopped-extension-dll-exception or read-error
Consider the following scenario: You have one of the following User Profile Synchronization configurations for SharePoint: SharePoint 2010, which utilizes Forefront Identity Manager (FIM) for User Profile Synchronization. SharePoint 2013, using the “Use SharePoint Profile Synchronization” option, which also uses FIM. SharePoint 2016 or 2019, using the “Enable External Identity Manager” option, which (typically)
SharePoint: Quick Troubleshooting TIP: Check SAML token-signing Certificate
When the SAML Identity Provider (ADFS, SiteMinder, Ping Federate, OKTA, etc) token-signing certificate is renewed or rolled over, SharePoint can be in trouble. This is because there’s currently no functionality in SharePoint to automatically update the certificate within the Trusted Identity Token Issuer on the SharePoint side when it’s been updated on the Identity
SharePoint: Profile Sync and the “Domain Users” group – the Primary Group problem
This problem manifests itself in a few different ways: You create an Audience based on “Member Of” the “Domain Users” group. You notice there are only a couple (or maybe even zero) members shown, whereas you may have hundreds or thousands of users in that group. You have a SharePoint Add-In (previously known