Category: SharePoint 2013

SharePoint – AD Import – Some users are not imported

The most common reasons for some users not getting user profiles imported when using SharePoint Active Directory Import (AD Import; ADI) have been the same for a long time now. They are (in order): Container / OU selection (you didn’t select the containers that the missing users live in) LDAP Filter (your filter excludes those

Keeping SharePoint happy during your domain migration

We’ve seen a few of different problems occur in SharePoint (2013, 2016, 2019) when users are being migrated from one domain to another. They usually come up in one of the following areas: People Picker People Picker may show either or both accounts depending on which domain SharePoint is in, and how PP is configured

SharePoint – People Picker: PeoplePickerSearchInMultipleForests

Today I’m writing about a little-known SharePoint People Picker property that can influence your People Picker results. First some background: In SharePoint 2010, People Picker searched all two-way trusted Active Directory (AD) forests by default. In SharePoint 2013 and above, only the local forest is queried, but similar to Exchange, we also leverage the mxExchMasterAccountSid

SharePoint: Change the FedAuth Cookie name

  When using Trusted Provider (SAML / WS-Fed) authentication within SharePoint, we use a browser cookie to keep you authenticated. The default name of that cookie is “FedAuth”. If you have multiple web applications and / or multiple SharePoint farms that use Trusted Provider auth, using the same cookie name for all of them can

SharePoint: Why are active users returned by GetNonImportedObjects?

As discussed in my previous posts about user profile cleanup for SharePoint 2013 and SharePoint 2016, when using Active Directory Import, the profile cleanup process is a bit more manual as compared to FIM Sync. It consists of three steps that need to be done periodically to keep things cleaned up: 1. Run a Full

SharePoint: Capture MIM traffic with Fiddler

  Microsoft Identity manager (MIM) communicates with SharePoint via a web service, specifically, the “ProfileImportExportService” web service, located at http://YourCentralAdminSite/_vti_bin/ProfileImportExportService.asmx When there are problems with the synchronization, you should always look at what the MIM client (miisclient.exe) and the SharePoint ULS logs are saying, but sometimes there is a need to dig a little deeper

SharePoint: SAML auth login error: There are multiple keys on the token

  Consider the following scenario: Your users authenticate to SharePoint using “Trusted Provider” authentication. This is also known as SAML or WS-Fed authentication, typically provided by AD FS, Ping Federate, Okta, SiteMinder, etc. After SharePoint upgrade or security patching, users are no longer able to authenticate. They may see a “Server Error in ‘/’ Application”