SharePoint 2013 AD Connector Import Property Issues

If you’re like me, and you need to import a large number of users and groups into SharePoint, you were ecstatic with the release of SharePoint 2013 and the AD Connector. No more issues with FIM, no crazy start-up issues, no Sync DB issues, finally I get to take a vacation and not worry.

Or so I thought…after testing the AD Connector, it would appear that both the Manager and Assistant property are skipped during a Full Sync. After a week or so of testing, I gave up and called Microsoft for help, and looking at the issue, and reproducing it there, they have explained that this is a bug in the AD Connector. Great. It only happens on a Full Sync, or if a new user is added to AD and imported to the Profile DB. Incrementals do not remove the property data.

So, if you’re using the AD Connector (and you should be), and you’re not seeing Manager or Assistant being populated, fear not, you are not crazy (or maybe you are, it’s not my place to judge).

Is there a fix? Maybe (involves some nutty work with a sproc, jabber jabber jabber). Is there a workaround? Of course.

I wrote this script to run as a scheduled task after the profile sync is complete. It will parse through your profiles, and for each profile where Manager or Assistant are blank, will make a look-up in AD to see if there is supposed to be something there, and add it to the Profile.

If you want to use the script, feel free (At least PowerShell 3.0 please, I’m using the Active Directory snapins, and it kinda expects you to be running it from the E:\Scripts folder, so change up the log file location if needed):

# Description of Function:  This script will compare each profile and determine if the manager and assistant property
#				is missing by checking Active Directory.  If the manager or assistant propery is missing, 
#				but is valid in AD, the profile will be updated with the correct Manager and Assistant.
#				This corrects a known issue in the SharePoint 2013 AD Connector Profile Import
# Version History:  1.0
# Input parameters (if any)
# Creates a function to dispose of all variables that are disposable

function Dispose-All {
	Get-Variable -exclude Runspace | Where-Object {$_.Value -is [System.IDisposable]} | 
		Foreach-Object {$_.Value.Dispose()}
Import-Module Activedirectory

# Load up the SharePoint cmdlets if they are missing
if (!(Get-PsSnapin | Where-Object {$_.Name -match "Microsoft.SharePoint.PowerShell"}))
{Add-PsSnapin Microsoft.SharePoint.PowerShell}

$outputFile = "E:\Scripts\FixNullProperties.txt"
if (test-path $outputFile) {Remove-Item $outputFile -force}

# Grab the Central Admin webapp and connect to the Profile System
$url = Get-SPWebApplication -IncludeCentralAdministration | where {$_.IsAdministrationWebApplication}
$site = Get-SPSite $url.url
$context = Get-SPServiceContext $site
$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$AllProfiles = $ProfileManager.GetEnumerator()

foreach($profile in $AllProfiles){
	Set-Variable profileCommit,adAccount,adManagerAccount,adassistantAccount,Manager,Account,distinguishedName,Assistant -value $null
	$Manager = $profile['Manager'].Value
	$Account = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value
	$distinguishedName = $profile['SPS-DistinguishedName'].Value
	$Assistant = $profile['Assistant'].Value

		If((!$Manager) -OR (!$Assistant)){
		$adAccount = (get-aduser -Filter 'distinguishedName -eq $distinguishedName' -Properties Manager,Assistant -ErrorAction SilentlyContinue)
		If($adAccount.Manager -AND (!$Manager)){
			$adManagerAccount = (get-aduser -Filter 'distinguishedName -eq $adAccount.Manager' -ErrorAction SilentlyContinue)
			$adManagerID = ($adManagerAccount | select -expand UserPrincipalName).Split("@")
			$MgrhomeDomain = $adManagerID[1].Split(".")[0]
			$finalMgrData = $MgrhomeDomain + "\" + $adManagerID[0]
			$profile['Manager'].Value = $finalMgrData
			If($MgrhomeDomain){$profileCommit = "1"}
			Add-Content $outputFile "Added Manager $finalMgrData to Profile $Account"
		If($adAccount.Assistant -AND (!$Assistant)){
			$adAssistantAccount = (get-aduser -Filter 'distinguishedName -eq $adAccount.Assistant' -ErrorAction SilentlyContinue)
			$adAssistantID = ($adAssistantAccount | select -expand UserPrincipalName).Split("@")
			$assistantHomeDomain = $adAssistantID[1].Split(".")[0]
			$finalAssistantData = $assistantHomeDomain + "\" + $adAssistantID[0]
			$profile['Assistant'].Value = $finalAssistantData
			If($assistantHomeDomain){$profileCommit = "1"}
			Add-Content $outputFile "Added Assistant $finalAssistantData to Profile $Account"

Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation