Does SharePoint Farm require a Domain Controller?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/252639

  •  26-01-2021
  •  | 
  •  

Domanda

I've not long started a new job. I have inherited a SP2016 Farm, which I have to manage and develop as part of my role.

I have limited Central Admin access from a previous role with SP2013.

The current farm set up has: 1 DB Server, 1 WFE(/app) server - and a mail server (not currently configured).

The connection from AD to SP does not appear to have been set up correctly - I'm trying run the sync job to AD - when I click run, it rapidly returns to the previous page, so doesn't look at though it's doing anything.

The Sync Connection that is there does point to our AD - with type of Active Directory Import. I have access to the admin user name and password. And the correct containers appear. No additional profiles are ever added.

Do I need to add a separate Domain Controller to have a "full" connection from SharePoint to the AD ?

Or Do I need to tweak something in the sync connection?

None of the current servers have AD FS added as a server role.

Any help would be much appreciated. If you got this far, thanks for taking the time to read.

EDIT: Now I have my User Profiles visible. With regards to authentication - we want to be using Single Sign On, does that now mean I need to include the AD FS role on server?

Can that role be added to the WFE, or does it need to be on its on DC server?

Thanks

È stato utile?

Soluzione

Make sure that the User Profile Sync Service Account has Replicate Directory Changes permission In Active Directory.

The Replicate Directory Changes permission enables the synchronization account to

  • Read AD DS objects.
  • Discover AD DS objects that have been changed in the domain.
  • Does not enable an account to create, modify or delete AD DS objects.

enter image description here

Read the detail steps at Delegate User Profile Synchronization Service Account a Replicate Directory Changes

Altri suggerimenti

Yes you will need Domain controller if you want to sync between Active Directory and SharePoint user profile service application.

Domain controller is itself responsible to authenticate user , store user information data etc.

Moreever while configuring the sync , in the "Add new synchronization Connection" , there is an option that asks for domain controller.

You need to enter the domain controller over here.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a sharepoint.stackexchange
scroll top