The User Profile Synchronization service is the core of the synchronization architecture in SharePoint Server 2013. When you start the User Profile Synchronization service on the synchronization server, SharePoint Server 2013 provisions a version of Microsoft Forefront Identity Manager (FIM) to participate in synchronization. A User Profile service application can only have one User Profile Synchronization service. A User Profile Synchronization service is associated with connections and mappings.
Plan profile synchronization for SharePoint Server 2013
Profile synchronization (also known as "profile sync") allows you to create user profiles by importing information from other systems that are used in your organization.
You can only run one instance of the User Profile Synchronization service on a farm. The computer on which the User Profile Synchronization service runs is called the synchronization
You specify the synchronization server when you create the User Profile service application. SharePoint Server provisions a version of Microsoft Forefront Identity Manager (FIM) on this computer to participate in synchronization.
When you create the User Profile service application, you can specify the synchronization server (also known as the profile synchronization instance), which is the computer that will be used to synchronize profile information. Creating the User Profile service application creates several databases, such as the profile database.
Important considerations to guarantee a successful setup of the User Profile Synchronization service
- The User Profile service application should be created before starting the synchronization service.
- My Site should be set up before starting the synchronization service.
- A User Profile service application can only have one User Profile Synchronization service, which is defined in the User Profile service application properties (Central Administration – Manage service applications).
- During setup, the farm account (which runs the timer job) should be added to the local Administrators group on the server where the synchronization service is going to run (you can remove the account from the Administrators group once the synchronization service is provisioned successfully).
Note: After making changes to the farm account (for example, adding it to the Administrators group), restart the timer service or restart the server so that the change takes effect.
- The farm account (which runs the SharePoint timer service) should have the Log On Locally permission on the server on which you are trying to start the User Profile Synchronization service. You can check "Allow log on locally" under Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment.
- Plan account permissions
- The User Profile Synchronization service runs under the farm account. The farm account requires specific permissions to configure profile synchronization: it must be a member of the Administrators group on the synchronization server. You can remove this permission after you have configured the User Profile Synchronization service.
- The Farm account must be able to log on locally to the synchronization server
- The synchronization account for a connection to Active Directory Domain Services (AD DS) must have the following permissions:
- It must have Replicate Directory Changes permission on the domain with which you'll synchronize. For more information, see the "Grant Replicate Directory Changes permission on a domain" section of Grant Active Directory Domain Services permissions for profile synchronization in SharePoint Server 2013.
- One of the most important tools for monitoring and troubleshooting the synchronization process is miisclient.exe, located under ..\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell
After setting up all of the above, you can start the User Profile Synchronization service, which might display a status of Starting. When you start the User Profile Synchronization service, SharePoint Server provisions FIM to participate in synchronization. This may take 10 minutes.
Missing one of the above might cause one of the following two behaviors:
- The User Profile Synchronization service hangs on Starting.
- The User Profile Synchronization service stops after you start it.
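The account prerequisites listed above can be checked before starting the service. The following PowerShell pre-flight script is an added example, not part of the original article or of SharePoint itself; the account names CONTOSO\sp_farm and CONTOSO\sp_sync are placeholders, and it assumes an English-language server joined to the domain you will synchronize with.

```powershell
# Added example: run elevated on the synchronization server.
# Account names below are placeholders (assumptions), not values from the article.
param(
    [string]$FarmAccount = 'CONTOSO\sp_farm',
    [string]$SyncAccount = 'CONTOSO\sp_sync'
)

function Get-Sid([string]$Account) {
    (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}
$farmSid = Get-Sid $FarmAccount
$syncSid = Get-Sid $SyncAccount

# 1. Farm account is a direct member of local Administrators (nested groups are not expanded).
$group = [ADSI]'WinNT://./Administrators,group'
$adminSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
$isAdmin = $adminSids -contains $farmSid

# 2. "Allow log on locally" (SeInteractiveLogonRight), read from the exported user rights.
#    Holders are matched by SID only; S-1-5-32-544 is the built-in Administrators group.
$cfg = Join-Path $env:TEMP 'ups-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeInteractiveLogonRight\s*=' }
Remove-Item $cfg
$holders = @(($line -replace '^[^=]*=', '') -split ',' | ForEach-Object { $_.Trim().TrimStart('*') })
$canLogOn = ($holders -contains $farmSid) -or ($isAdmin -and ($holders -contains 'S-1-5-32-544'))

# 3. Sync account holds Replicate Directory Changes (DS-Replication-Get-Changes) on the
#    domain head. Only an ACE granted directly to the account is detected.
$replGuid = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$domainDn = ([ADSI]'LDAP://RootDSE').defaultNamingContext
$rules = ([ADSI]"LDAP://$domainDn").psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$hasRepl = [bool]($rules | Where-Object {
    $_.IdentityReference.Value -eq $syncSid -and $_.ObjectType -eq $replGuid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
})

[pscustomobject]@{
    TimerServiceRunsAs       = (Get-WmiObject Win32_Service -Filter "Name='SPTimerV4'").StartName
    FarmInLocalAdministrators = $isAdmin    # remove again once the service is provisioned
    FarmCanLogOnLocally       = $canLogOn
    SyncHasReplicateDirChanges = $hasRepl
}
```

A False value identifies which prerequisite to fix before starting the service; rerunning the script after provisioning confirms that the temporary Administrators membership has been removed.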
References
Synchronize user and group profiles in SharePoint Server 2013
http://technet.microsoft.com/en-us/library/ee721049.aspx#UPSAProc
Plan profile synchronization for SharePoint Server 2013
http://technet.microsoft.com/en-us/library/ff182925.aspx
Overview of profile synchronization in SharePoint Server 2013
http://technet.microsoft.com/en-us/library/gg188041.aspx
Troubleshoot User profile synchronization issues
http://technet.microsoft.com/en-us/library/gg750257.aspx
Harbar site - User Profile Synchronization