Sharepoint 2013: AD users not found on people/user picker, but they shows up only in Central Admin site

Question

I'm having problem with my SharePoint 2013 people picker. It doesn't shows any AD users at all.

But strangely, when I pick/search people in its Central Administration site, all my AD users are shown.

Both of the site are on the same server and of course were installed as a same package of sharepoint installation.

Did I missed something? I have done previously installation of SP2010, but never came across this problem. Any log files or event log to look at?

Thank you so much for your help... :)

One more thing, I'm new to sharepoint :)

Answer 1

Active Directory Import is similar to the Profile import mechanism we had back in SharePoint Server 2007. It's an awful lot easier and quicker to configure than "SharePoint Profile Synchronisation", AKA "User Profile Synchronisation Service" (in services on server) AKA ForeFront Identity Manager (FIM) for SharePoint Server 2010.

Enabling AD Import mode can be achieved via SPCA following UPA creation within "Configure Synchronization Settings". You can happily change the setting in the UI (although I have had occasional issues with the relevant JavaScript not firing):

using powershell

$upa=Get-SPServiceApplication -Name "UserProfileServiceAppName" 

$upa.NoILMUsed=$true 

$upa.Update()

http://www.benjaminathawes.com/blog/Lists/Posts/Post.aspx?List=c4ef5a3d%2D6f2b%2D40cf%2Da53d%2D04e9f3beedd4&ID=42&Web=b5c13492%2D56d6%2D4868%2D90bf%2Da96d72070f07

EDIT

To select SharePoint Active Directory Import

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

   2. On the SharePoint Central Administration website, in the Application Management section, click Manage service applications.

   3. On the Manage Service Applications page, click the User Profile service application name.

   4. On the Manage Profile Service page, in the Synchronization section, click Configure Synchronization Settings.

   5. On the Configure Synchronization Settings page, in the Synchronization Options section, select the Use SharePoint Active Directory Import option, and then click OK.

the above i presume is what you have already done?

To create a connection to a directory service for import

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

2. On the SharePoint Central Administration website, in the Application Management section, click Manage service applications.

3. On the Manage Service Applications page, click the User Profile service application name.

4. On the Manage Profile Service page, in the Synchronization section, click Configure Synchronization Connections.

5. On the Synchronizations Connections page, click Create New Connection.

6. On the Add new synchronization connection page, type the synchronization connection name in the Connection Name box.

7. From the Type list, select Active Directory Import.

8. Fill in the Connection Settings section by using the following steps:

   1. In the Fully Qualified Domain Name box, type the Fully Qualified Domain Name of the domain.

   2. In the Authentication Provider Type box, select the type of authentication provider.

   3. If you select Forms Authentication or Trusted Claims Provider Authentication, select an authentication provider from the Authentication Provider Instance box. The Authentication Provider Instance box lists only the authentication providers that are currently used by a Web application.

   4. In the Account name box, type the synchronization account in the form \. The synchronization account must have Replicate Directory permissions or higher on the root OU of Active Directory.

   5. In the Password box, type the password for the synchronization account.

   6. In the Confirm password box, type the password for the synchronization account again.

   7. In the Port box, type the connection port.

   8. If a Secure Sockets Layer (SSL) connection is required to connect to the directory service, select Use SSL-secured connection.

   9.If you want to filter the objects to be imported from the directory service, in the Filter in LDAP syntax for Active Directory Import box, type a standard LDAP query expression to define the filter.

9. In the Containers section, click Populate Containers, and then select the containers from the directory service that you want to synchronize. All OUs selected will be synchronized with their child OUs. There is currently no utility to allow a parent OU to be selected with any of its child OUs excluded from synchronization.

10. Click OK. The newly created connection is listed on the Synchronization Connections page.

To map user profile properties

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

2. On the SharePoint Central Administration website, in the Application Management section, click Manage service applications.

3. On the Manage Service Applications page, click the User Profile service application name.

4. On the Manage Profile Service page, in the People section, click Manage User Properties.

5. On the Manage User Properties page, right-click the name of the property that you want to map to a directory service attribute, and then click Edit.

6. To remove an existing mapping, in the Property Mapping for Synchronization section, select the mapping that you want to remove, and then click Remove.

7. To add a new mapping, do the following:

   1. In the Add New Mapping section, in the Source Data Connection list, select the data connection that represents the directory service to which you want to map the user profile property.

   2. In the Attribute box, type the name of the directory service attribute to which you want to map the property.

   3. Click Add.

8. Click OK.

9. Repeat steps 5 through 8 to map additional properties.

To start profile synchronization

1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

2. On the SharePoint Central Administration website, in the Application Management section, click Manage service applications.

3. On the Manage Service Applications page, click the User Profile service application name.

4. On the Manage Profile Service page, in the Synchronization section, click Start Profile Synchronization.

5. On the Start Profile Synchronization page, select Start Full Synchronization if this is the first time that you are synchronizing or if you have added or modified any synchronization connections since the last time that you synchronized. Select Start Incremental Synchronization to synchronize only information that has changed since the last time that you synchronized.

6. Click OK. The Manage Profile Service page is displayed, showing the profile synchronization status in the right pane.

make sure you follow all the steps above!

http://technet.microsoft.com/en-gb/library/jj219646.aspx

Answer 2

This is not related to UP Sync. Make sure your web app accounts have permissions to make AD lookups (add them to Domain Users) as the People Picker is run under this security context.