User Profile Synchronization - cannot import users without DN entry
https://sharepoint.stackexchange.com//questions/22800
-
06-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I need help in troubleshooting the problem with User Profile Synchronization.
Issue: Some users were treated with stsadm -o migrateuser command and they no longer being imported from Active Directory, however they do exist in the User Profile Database. On SharePoint 2010 RTM, the stsadm -o migrateuser command was buggy and because of that, these users are missing DN entry in table DNLookup (in database Profile_DB). When you perform query on the database like:
select * from dnlookup where DN like '%John Doe%'
you can't find the John Doe user at all, there is no entry for him (and about 20k other users, that were migrated with stsadm -o migrateuser).
The rest of the users (> 100k) is migrated properly and synchronization works perfectly. It's just the issue with the corrupted accounts because of migrateuser command.
Unfortunatelly, we have lot of custom properties that aren't stored in Active Directory, and we cannot loose the custom properties filled in by these users in SharePoint, so I can't remove the UPS service with imported profiles and start over...
The question to you: how can I fill in the missing DN fields and force these buggy accounts to import? I have some ideas, if there is anyone that can provide usefull tips or other/better idea please do.
Idea 1: Fill in the DN entries manually in the database (but then I have no idea what should be placed in the DNiD, cs_DN, RecordId columns). I am also aware that by doing that, I will loose Microsoft Support, so it's a poor solution. Idea 2: On an independent farm connected to the same Active Directory, create UPS service, synchronize all the users from scratch and then using FIIM client/Resource Manager do user migration from that UPS somehow. Unfortunatelly I have no idea how this can be achieved...
Keep in mind that its 20k users affected and I really don't want to do anything manually :)
What I already tried: - Reset Synchronization database (Technet procedure, including 2x full sync)
Please if you have any idea, even if it may be weird/incomplete - post it, I need to figure this out and together maybe we will be able to solve this.
Farm configuration: SharePoint 2010 Enterprise with SP1 + August 2011 Cumulative Update, SQL 2008 R2 Enterprise
Solution 2
I've found the solution - I need to use the Replication Engine, move the custom properties to the independent User Profile Service, delete and reimport the corrupted profiles on the original UPS, and then use Replication Engine again to fill the custom profile properties.
More about Replication Engine: http://technet.microsoft.com/en-us/library/cc663011.aspx
OTHER TIPS
Another solution could be the following (with some custom code, e.g. powershell or console app):
- backup of all the user profiles that are bugged the user profile properties to xml
- delete those user profiles from the UPS
- try to run a full import: your profiles should be back by now
- restore all the user profile properties that you backupped.
we used this scenario in our MOSS2007 environment, because we had some problems with the SSP. This scenario should work with SP2010 (we are going to use this scenario too for our SP2007 -> SP2010 migration. I know that are other ways to do it too, but we have our reasons ;))
