SharePoint 2010

Checking the User Profile Sync permissions – SharePoint 2010 & SharePoint 2013

When configuring the User Profile Sync in SharePoint, you would have certainly read up Spence Harbar’s post on configuring the User Profile Sync. If you haven’t, then here’s a link you should definitely bookmark:

Spence has by far the most comprehensive guide on configuring the UPS. If you read and understand the above post, you wont go wrong with UPS configuration. Its no surprise that if you Google Spence Harbar, here is what you get:

The aim of this post was to talk about a little less known script to check to see if your UPS permissions are set correctly.

The script is called PowerShell Administration Library for SharePoint – “Administration.ps1”  by Tobias Lekman.

You can a few handy functions. Really worth checking it out.
Since we are talking about User Profile, I want to draw your attention to an interesting function called Check-Replicatechanges. Its as simple as loading up the PowerShell script and run a Check-Replicatechanges DOMAIN\UPSServiceAcc and it does a check on the specified User Profile Sync account to see if it has permissions fit for Forefront Identity Manager to perform its magic.

This tool is very handy if your AD infrastructure is run by another team and you don’t have Domain Admin permissions.


Write A Comment