Summary: You do this a bit differently than when using FIM Sync. When using Active Directory Import (AD Import) with SharePoint 2013, 2016, 2019, etc, only the “Claim User Identifier” (SPS-ClaimID) profile property needs to be mapped manually.  “Claim Provider Identifier” (SPS-ClaimProviderID) and “Claim Provider Type” (SPS-ClaimProviderType) are mapped automatically when you create the

Update 2/22/21: The problem that early SharePoint 2019 builds had with getting the timer job to process the staged manager and group membership entries, (the “NoILMUsed” issue) has been fixed. More about that in the “SharePoint 2019” section below. Update 5/21/20: Added some PowerShell and SQL queries to help determine the state of managers and

Why a whole troubleshooter? In SharePoint, the User Profile Service can be one of the more finicky web services. Problems with the User Profile Service Application (UPA) may manifest themselves in several ways like: Trying to access the User Profile Service Application within Central Administration fails with “An unexpected error has occurred” Missing “Target Audiences”

Update 9/15/19: Added some clarifying info, and some PowerShell that can be used to delete any “stuck” one-time timer jobs. One-time timer jobs are created on the fly, should run immediately, and then disappear when they are done doing whatever they were supposed to do.  If you have one-time timer jobs hanging around, you have

Update 2/22/21: The problem that early 2019 builds had with getting the timer job to process the staged manager and group membership entries, (the “NoILMUsed” issue) has been fixed. More about that in the “SharePoint 2019” section below. I want to thank my colleague Dhiren for doing most of the leg work to figure this

  Symptoms: Consider the following scenario: You are using SharePoint 2010 or 2013 and using the “Use SharePoint Profile Synchronization” (FIM Sync) option to import user profiles. In Central Administration | Manage Service Applications | User Profile Service Application, the “Profile Synchronization Status” shows as “Stopping” although the “<UPAName>-User Profile Incremental Synchronization” timer job is not

  This issue is not particular to SharePoint, but that’s how I came across it, so I’ll present it that way. However, keep in mind that you could see this behavior for any IIS site using Kerberos.   Problem: Users are unable to authenticate via Kerberos (Negotiate). They try to access a site and get