In the December post, SharePoint 2016 Initial Configuration, Part 2, I created some managed accounts, a web application and a root site collection using the Graphical User Interface and PowerShell. The third blog in this series details creating a User Profile Service Application and importing users.
In SharePoint 2016 Preview and SharePoint 2016 Beta 2, the User Profile Service Application is easier to configure than in previous versions of SharePoint. SharePoint 2016 no longer uses the ForeFront Identity Manager client (FIM) as the synchronization client. The default process for synchronization is Active Directory Import. This eliminates the need for adding the farm account to the local administrators group when provisioning and also eliminates the User Profile Synchronization Service. We no longer have worry about the User Profile Sync “stuck on starting” issues that have plagued SharePoint Administrators since SharePoint Server 2010. There are also options to use other synchronization tools as well such as Microsoft Identity Manager 2016 or third party tools. To learn more about these options, read, What’s Deprecated or Removed from SharePoint Server 2016 Release Candidate.
Overview
In this blog post, I will demonstrate the following:
- Creating the User Profile Service Application
- Configuring a Synchronization Connection using AD import
- Starting a Full User Profile Sync
- Verifying that User Profiles have synced
Creating the User Profile Service Application
Using the GUI
Browse to Central Administration and click Manage Service Applications.
Select New and then User Profile Service Application.
In the Create New User Profile Service Application wizard, fill in the required info and click Create. Note that the managed account no longer requires any special permissions.
Wait a few moments while the User Profile Service Application is being created.
Now that the User Profile Service Application has been successfully created, click OK.
Using PowerShell
Configuring a Synchronization Connection using AD import
Using the GUI
Select the User Profile Service Application.
Click Configure Synchronization Connections.
Click Create New Connections.
Fill in all relevant information as shown below and select Populate Containers. Note that an account that has been delegated Replicate Directory Changes permission is needed for AD import to sync accounts to SharePoint. Learn more about how to delegate this permission.
Scroll down and select the OUs that you would like to Sync to SharePoint and click OK.
Wait while the Synchronization Connection is being created.
Using PowerShell
Currently PowerShell does not support a way to do this with that does not involve using IE as a COM object to navigate to pages of the Central Administration and “act like a user”. Learn more.
Starting a Full User Profile Sync
Using the GUI
Click Central Administration.
Click Manage service applications.
Select the User Profile Service Application.
Click Start User Profile Synchronization.
Select Start Full Synchronization and click OK.
Using PowerShell
Verifying that User Profiles have synced
Refresh the browser and wait a few minutes. Eventually all the User Profiles will sync over. Click Manage User Profiles to verify that the user profiles were imported correctly.
Type in your domain’s NetBIOS name and select Find to display all the user profiles.
More to Come
In the next SharePoint Server 2016 Preview blog, I will walk through creating and configuring an Office Online Server Preview server and how to integrate it with our SharePoint 2016 farm to open MS Office files from the browser.
