Friday, March 14, 2014

What to do when a User Profile is out of sync with Active Directory

Frequently I will get a report from a user that a user profile is out of sync or doesnt display correct information.

The first thing I do is query AD to make sure that it contains the correct information.  If AD is correct but the SharePoint User Profile is incorrect, you can try to force a full synchronization.  But if this is not successful, here are a couple other things you can try:

1) Use PowerShell Cmdlet to force a sync with AD
Set-SPUser –Identity <domain>\<username> –SyncFromAD –Web http://<webapp>

2) Manually delete and immediately re-add the profile in Central Administration.  This will force the profile service to query AD and populate with the correct information. There are no worries to delete the profile in UPS, because it wont delete the user from any site collections or lose any metadata.  It will simply re-build their profile.

3) If all else fails, you will need to remove the user from SharePoint Site Collection and re-add them.  Please keep in mind that this will remove them from any security groups they may have been added to.  All original permissions will be lost and you will need to re-add them to each of these groups and sites manually.  Use this step with EXTREME caution.

For this, navigate to the User Information List by adding "_layouts/people.aspx?MembershipGroupId=0" to the end of your site collection URL.  Select the user you wish to remove, and click Delete User from Site Collection.

No comments:

Post a Comment