Category: SharePoint 2016

SharePoint: Why are active users returned by GetNonImportedObjects?

As discussed in my previous posts about user profile cleanup for SharePoint 2013 and SharePoint 2016, when using Active Directory Import, the profile cleanup process is a bit more manual as compared to FIM Sync. It consists of three steps that need to be done periodically to keep things cleaned up: 1. Run a Full

SharePoint: Capture MIM traffic with Fiddler

Microsoft Identity manager (MIM) communicates with SharePoint via a web service, specifically, the “ProfileImportExportService” web service, located at http://YourCentralAdminSite/_vti_bin/ProfileImportExportService.asmx When there are problems with the synchronization, you should always look at what the MIM client (miisclient.exe) and the SharePoint ULS logs are saying, but sometimes there is a need to dig a little deeper and

SharePoint: SAML auth login error: There are multiple keys on the token

  Consider the following scenario: Your users authenticate to SharePoint using “Trusted Provider” authentication. This is also known as SAML or WS-Fed authentication, typically provided by AD FS, Ping Federate, Okta, SiteMinder, etc. After SharePoint upgrade or security patching, users are no longer able to authenticate. They may see a “Server Error in ‘/’ Application”

SharePoint: Active Directory Import with Trusted Provider authentication: Map only Claim User Identifier

  Summary: You do this a bit differently than when using FIM Sync. When using Active Directory Import (AD Import) with SharePoint 2013, 2016, 2019, etc, only the “Claim User Identifier” (SPS-ClaimID) profile property needs to be mapped manually.  “Claim Provider Identifier” (SPS-ClaimProviderID) and “Claim Provider Type” (SPS-ClaimProviderType) are mapped automatically when you create the

SharePoint: Troubleshooting guide for importing groups and managers with MIM

Update 2/22/21: The problem that early SharePoint 2019 builds had with getting the timer job to process the staged manager and group membership entries, (the “NoILMUsed” issue) has been fixed. More about that in the “SharePoint 2019” section below. Update 5/21/20: Added some PowerShell and SQL queries to help determine the state of managers and

SharePoint: A Troubleshooting Guide for UserProfileApplicationNotAvailableException

Why a whole troubleshooter? In SharePoint, the User Profile Service can be one of the more finicky web services. Problems with the User Profile Service Application (UPA) may manifest themselves in several ways like: Trying to access the User Profile Service Application within Central Administration fails with “An unexpected error has occurred” Missing “Target Audiences”