Why your SharePoint user profile doesn't sync with AD
SharePoint is a collaborative software tool that is part of the Microsoft Office Suite. Because it is built for collaboration, you will be adding users to it, and once they are added you will also need to import, update and sync their information to keep it current.
There are plenty of methods one can use to add, import or sync users into SharePoint, but the fastest and simplest way is through the use of Active Directory (AD).
It can be used as an alternative to using Microsoft Identity Manager (MIM) to import user profile data from Active Directory Domain Services (AD DS) in your domain.
One limitation is that AD import only works with Active Directory Domain Services (AD DS) and does not work with other directory services. Moreover, if you use AD import, MIM and other external identity managers are not available for connections to other data sources such as business applications.
Despite being the fastest sync and import method, there are a few situations in which Active Directory won’t do its job properly.
Why won’t my SharePoint user profile sync with AD?
Here is a list of when and why Active Directory Sync and import may not work:
Things to know about Active Directory
- Referential integrity among users and groups is only maintained within a single Active Directory forest
- The AD import option lets you configure and use only a single, farm-wide property mapping
Things that Active Directory cannot do
- The AD import option does not:
  - Automatically synchronize photos from Active Directory to SharePoint Server 2016
  - Filter user interface to create complex Boolean expressions
  - Provide object filtering based on object property values
  - Ensure single-master of each object property
  - Perform per-tenant property mapping
  - Provide Logon and Resource Forest support
- That is, custom joins of data from multiple sources
Scenarios that Active Directory does not allow
- The AD import option does not support:
  - Generic (non-AD) LDAP sources
  - Source Schema Discovery
  - Business Connectivity Services Import
  - Property mappings for complex types like pictures and special AD types
  - Exporting data from SharePoint to Directory Sources
  - Upgrading/Translating FIM based connections or synchronizing configuration to AD import
  - Bidirectional synchronization
    - Changes made to SharePoint user profiles will not be synchronized back to the domain controller
  - Multi-Forest scenarios such as:
    - If you have a trust between two forests, the trusted forest objects will not be imported
    - AD import does support importing users from multiple forests provided you create one synchronization connection per forest
- As an alternative, consider using Microsoft Identity Manager
Conclusion
By using this checklist, you should be able to avoid situations that would otherwise prevent you from using Active Directory efficiently. However, if they cannot be avoided, remember that there are other methods of importing and syncing user profiles into SharePoint, albeit possibly more complicated ones.
Do you use Active Directory as an import method, or do you prefer a different one? Share your opinion with us in the comments section below.