How to import users from a different domain in User Profile service application?
https://sharepoint.stackexchange.com//questions/33618
-
08-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
The sharepoint server is setup in the public domain and all service accounts used for installation and configuration are based off of the same(public)domain as well. The server is meant to host the extranet and hence I need the user profiles from the local domain as well. I used the publicDomain\spfarm to obtain all user profiles from the public domain. Now how would I go about doing the same for the users from the local domain? What account would I need to use?Do I need to create a new one? Please note that there is a two way trust between the domains. Thanks
Solución
If there is a two way trust in place, simply map a connection to that second domain into UPS. In the scenario where there is a two way trust, you don't have to do anything special, simply tell UPS to also synchronize against that second domain. I did have one client that had a two way trust in place, but there was some issue with the Replicating Director Changes role where one of the domains wasn't honoring the trust that our sync account should have that role, and we had to manually grant Replicating Directory Changes on the other domain as well. That said, it was an environment that had many AD issues, that's not a normal requirement. If your sync account has Replicating Directory Changes on one domain, and there's a full trust in place, it should honor it. Note that if you want extranet users to see only extranet profiles then you will want to create a second UPS Service Application that's restricted to only the extranet web application so you can isolate them.
As you have a two way trust, you won't need to do anything special for the people picker either. I'll offer this (Microsoft document) only for future reference. If you have a situation where there's a one way trust, you have to configure the people picker with an account that has the necessary query permissions on that other domain in order for the people picker to be able to search and return users in that domain. Again, only applicable in a one way trust scenario. I also have a blog post that covers some similar people picker issues.
