Monday, May 3, 2010

Synchronizing SharePoint Profiles with Active Directory

There are a lot of urban myths about importing profiles from AD, particularly on some blogs where it is claimed that deleted users are only erased from SharePoint on the third try.

Here are the steps when a user is deleted from Active Directory:

1. When the profiles are synchronized with Active Directory, the bDeleted flag is set to true in the SSP's UserProfile_Full table.

2. Every hour the MySiteCleanup job runs.
If bDeleted is true, the job deletes the profile from the UserProfile_Full table and adds it to the deleted users.
The manager gets an email and ownership of the MySite.

3. Every five minutes each content database synchronizes its UserInfo table with the SSP. This is the Quick Profile Synchronization (WSSSweepSynch).

4. Every hour there is a complete synchronization, the Profile Synchronization (WSSProfileSych).
This is bidirectional: in the up direction, the Profiles are updated with the site collection membership list. In the down direction, the UserInfo table is updated with the Profile information. If a user is flagged as deleted in the UserProfile_Full table, he is also marked as such in the UserInfo table. The user is not deleted from the UserInfo table, as the row is needed for auditing.

The procedure is the same in SharePoint 2010.
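To check where a deleted account currently sits in this sequence, the read-only T-SQL below lists profiles flagged bDeleted and shows whether the matching UserInfo row in one content database has been marked yet. It is an added example, not part of the original post. Assumptions: `[SSP_DB]` and `[WSS_Content]` are placeholder database names, and the columns NTName, tp_Login, tp_Deleted, tp_SiteID, tp_ID and tp_Title are assumed from the SharePoint 2007 schema and are not named in the post.

```sql
-- Added example: read-only check of deletion propagation (steps 1 and 4).
-- [SSP_DB]      = placeholder for the SSP database holding UserProfile_Full
-- [WSS_Content] = placeholder for one content database holding UserInfo
-- Column names other than bDeleted are assumptions about the schema.

SELECT  p.NTName      AS ProfileLogin,
        u.tp_SiteID   AS SiteCollectionId,
        u.tp_ID       AS UserInfoId,
        u.tp_Title    AS DisplayName,
        CASE
            -- tp_Deleted = 0: the hourly full synchronization has not
            -- yet pushed the deletion down to this content database.
            WHEN u.tp_Deleted = 0
                THEN 'pending: not yet marked in UserInfo'
            -- Non-zero: marked deleted, row retained for auditing.
            ELSE 'marked deleted, row kept for auditing'
        END           AS UserInfoState
FROM    [SSP_DB].dbo.UserProfile_Full AS p WITH (NOLOCK)
JOIN    [WSS_Content].dbo.UserInfo    AS u WITH (NOLOCK)
        -- COLLATE guards against differing database collations.
        ON  u.tp_Login COLLATE DATABASE_DEFAULT
          = p.NTName   COLLATE DATABASE_DEFAULT
WHERE   p.bDeleted = 1      -- set by the AD import (step 1)
ORDER BY UserInfoState, p.NTName;
```

Rows only appear between the AD import and the next MySiteCleanup run, because that job removes the flagged profile from UserProfile_Full.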

(With thanks to Chris Gideon, I based this on discussions with him at MCM training and Ignite. All mistakes are my misunderstandings, not his)