SharePoint: Capture MIM traffic with Fiddler
Microsoft Identity manager (MIM) communicates with SharePoint via a web service, specifically, the “ProfileImportExportService” web service, located at http://YourCentralAdminSite/_vti_bin/ProfileImportExportService.asmx When there are problems with the synchronization, you should always look at what the MIM client (miisclient.exe) and the SharePoint ULS logs are saying, but sometimes there is a need to dig a little deeper and
SharePoint: SAML auth login error: There are multiple keys on the token
Consider the following scenario: Your users authenticate to SharePoint using “Trusted Provider” authentication. This is also known as SAML or WS-Fed authentication, typically provided by AD FS, Ping Federate, Okta, SiteMinder, etc. After SharePoint upgrade or security patching, users are no longer able to authenticate. They may see a “Server Error in ‘/’ Application”
SharePoint – Active Directory Import – Do NOT map Claim Provider Identifier and Claim Provider Type
This is similar to a previous blog post I wrote. However, we’ve since found a few customers that have done something similar with Windows authentication. We’ve seen this a few times now. It seems to most commonly occur when Admins are setting up a new User Profile Service app using Active Directory Import (AD
SharePoint: The complete guide to user profile cleanup – Part 5 – 2019
As far as I know, nothing much has changed regarding profile cleanup in SharePoint 2019 as compared to SharePoint 2016. See that post: SharePoint: The complete guide to user profile cleanup – Part 4 – 2016 This is part 5 in a series. You can find other parts here: SharePoint: The
SharePoint: Troubleshooting guide for importing groups and managers with MIM
Update 2/22/21: The problem that early SharePoint 2019 builds had with getting the timer job to process the staged manager and group membership entries, (the “NoILMUsed” issue) has been fixed. More about that in the “SharePoint 2019” section below. Update 5/21/20: Added some PowerShell and SQL queries to help determine the state of managers and
SharePoint: All about one-time timer jobs
Update 9/15/19: Added some clarifying info, and some PowerShell that can be used to delete any “stuck” one-time timer jobs. One-time timer jobs are created on the fly, should run immediately, and then disappear when they are done doing whatever they were supposed to do. If you have one-time timer jobs hanging around, you have
SharePoint: Profile Sync with MIM – Managers and Group memberships are not updated
Update 2/22/21: The problem that early 2019 builds had with getting the timer job to process the staged manager and group membership entries, (the “NoILMUsed” issue) has been fixed. More about that in the “SharePoint 2019” section below. I want to thank my colleague Dhiren for doing most of the leg work to figure this