I’ve put off writing this post for a long time, hoping that the User Profile Synchronization service (aka: FIM Sync) would go away. And it is going away with the eventual retirement of SharePoint 2010 and 2013, but that’s not happening soon enough, and meanwhile we’re still seeing a lot of support cases on it.
Microsoft Identity manager (MIM) communicates with SharePoint via a web service, specifically, the “ProfileImportExportService” web service, located at http://YourCentralAdminSite/_vti_bin/ProfileImportExportService.asmx When there are problems with the synchronization, you should always look at what the MIM client (miisclient.exe) and the SharePoint ULS logs are saying, but sometimes there is a need to dig a little deeper and
This one may be a bit of a one-off. As far as I can tell, it’s only happened once in the history of SharePoint. However, that also means that documentation on this problem is non-existent, and if happened once, it could happen again. Note: This is only valid for SharePoint 2010 and SharePoint 2013
Symptoms: Consider the following scenario: You are using SharePoint 2010 or 2013 and using the “Use SharePoint Profile Synchronization” (FIM Sync) option to import user profiles. In Central Administration | Manage Service Applications | User Profile Service Application, the “Profile Synchronization Status” shows as “Stopping” although the “<UPAName>-User Profile Incremental Synchronization” timer job is not
Consider the following scenario: You have an Active Directory Forest trust between your local forest and a remote forest. You create a “domain local” type security group in Active Directory and add users from both the local forest and the remote trusted forest as members. You configure SharePoint Profile Synchronization to use Active Directory Import
Consider the following scenario: You have one of the following User Profile Synchronization configurations for SharePoint: SharePoint 2010, which utilizes Forefront Identity Manager (FIM) for User Profile Synchronization. SharePoint 2013, using the “Use SharePoint Profile Synchronization” option, which also uses FIM. SharePoint 2016 or 2019, using the “Enable External Identity Manager” option, which (typically)
Update 4/15/20: I have now tested this with AD Import and both SharePoint 2016 and 2019. It’s the same problem in both versions. This problem manifests itself in a few different ways: You create an Audience based on “Member Of” the “Domain Users” group. You notice there are only a couple (or maybe even zero)