Manager resolution across multiple domains during User Profile sync

Question

When utilizing Active Directory connections across multiple domains (with a two-way trust), is it possible to have resolution (during sync) of the Manager field when the Manager exists in another domain?

Working with the following example users:

• DOMAINA\Manager1
• DOMAINB\Manager1
• DOMAINB\User1

If the Manager for DOMAINB\User1 within AD is set to DOMAINB\Manager1, resolution within the user profile occurs without issue. If the Manager is set to DOMAINA\Manager1, resolution does not occur and the Manager field does not appear within the user profile.

Answer 1

The lack of manager resolution across domains was due to the use of multiple synchronization connections. When using 1 synchronization connection for the forest, resolution occurred without issue.

Answer 2

Yes, FIM works with two-way trusts... I suspect this is a configuration or a permissions problem.

Do you have user profile sync connections setup to synch users from both domains? Have you given your user profile synch account the correct read permissions on both domains?

Answer 3

Make sure that you have enabled netbios names. That was one of the issues I came across when configuring multiple domains and users from other domains being the managers. Doing the following via a powershell did the trick, but unfortunately you have to remove all Synchronization connections after running the script and re-create them to make the setting effective.

NB: Get-SPServiceApplication gives you all the applications and you can use that to get the GUID of User Profile Service Application

$var = Get-SPServiceApplication –Identity {Application GUID}
$var.NetBiosDomainNamesEnabled
$var.NetBiosDomainNamesEnabled = “True”
$var.update()
$var.NetBiosDomainNamesEnabled