User account name is changed in AD and getting access denied error in SharePoint 2010/2013

For some reasons if user account is changed in AD and it wont reflected in SharePoint direclty ,in this case users get access denied error because of id conflict issue. In this situation first we need to verify both old and new user accounts in SQL Database and User Profie services and need to confirm both the user account exists.

Once both the user accounts are exists in the database and user profile, we can migrate the permissions from old user to the new user as mentioned below :

To verify the account details in SQL : ( this should be executed in respective content database of the site collection)

select tp_ID, tp_Login, tp_Deleted from UserInfo where tp_Login = 'production\a.hamdan.ejd' or tp_Login ='production\ a.hamdan'


To migrate the permissions from old user to new user :

stsadm -o migrateuser -oldlogin production\a.hamdan.ejd -newlogin production\ a.hamdan -ignoresidhistory

Here ignore sid histroy parameter is used because it may refer for user histroy for new account while migrating the permissions which is not required.

User Profile Sync DB Rebuilding in SharePoint 2010/2013

Issue : User Profile Synchronization service is failing , because of this import and export operations are not working between AD and SharePoint.

We have gone through all the logs and finally we could find some data is corrupted in sync database through diagnostic logs , which is collected by Microsoft Support team.

We have implemented following steps to rebuild sync database and before that we have taken UPA Databases backup and farm backup.

  1 Stop the SharePoint Timer Service in the App Server running UPS.

  2 Stop User Profile Synchronization service through Central Administration.

  Central Admin >  System   Settings .Manage Services on Server > App Server > User Profile Synchronization Service        and click Stop

 3 Run the following PowerShell in SharePoint Management Shell with elevated permissions

    Get-SPDatabase | Out-File D:\Databases.txt

    Open the databases.txt file and file the ID for Sync database.

 4 Run the following PS commands to remove data in sync database 

$syncDataBase = Get-SPDatabase -Identity “GUID of Sync database”

$syncDataBase.Unprovision()

$syncDataBase.Status=’Offline’

  5 Get the reference to User Profile service, reset and provision the sync database

$ups = Get-SPServiceApplication -Name “User Profile Service”

$ups.ResetSynchronizationMachine()

$ups.ResetSynchronizationDatabase()

$syncDataBase.Provision()

 6 Verify that Farm admin account has access to sync database in SQL.

 7 Start back the SharePoint Timer Service which we stopped in step 1.

 8 Start back the User Profile Synchronization Service running in App Server. Central Admin > System Settings .Manage Services on Server > App Server> User Profile Synchronization Service and click Start. This might take 10-15 mins to start after you enter Farm admin credentials

 9 Optional IISRESET 

 10 Open the User Profile Service Application under Central Admin > Application Management > Manager Service Applications. Configure the synchronization connections and Connection Filters.

11 Rebuilding your SyncDB or recreating connection to Active Directory will mark all user profiles for deletion after first full or incremental sync. Disable MySite Cleaner Timer job to prevent user profiles from getting deleted.

12 Configure any mappings to custom property mappings

13 Run Full Synchronization, twice to sync all the users.

 Above steps resolved issue, sync is running successfully.

SharePoint 2013 Prerequisites - App Fabric Error

When I am trying to install SharePoint 2013, I got below error while running pre requisite tool ,

Below are the resolution steps to solve this error, here we need to install app fabric and respective KB  component through command prompt, for some reason  tool does not pick up this app fabric component.so we are doing it through cmd prompt.

1.Identify the SharePoint Path where setup is located , in my case the path is C:\Softwares\SharePoint SP1 slipstream, under this you will find many folders and files, notice the prerequisiteinstallerfiles  as shown in the below screen.

  

      

2.Download the WindowsServerAppFabricSetup_x64.exe and AppFabric1.1-RTM-KB2671763-x64-ENU.exe files and place this under the folder prerequisiteinstallerfiles

3.Then navigate to the folder C:\Softwares\SharePoint SP1 slipstream from the command prompt and run the following commands.
 
           prerequisiteinstaller.exe  /AppFabric:prerequisiteinstallerfiles\WindowsServerAppFabricSetup_x64.exe

4.after completion of above ,it will pop the pre requisites tool and it will continue to install the app fabric component , then system will reboot by itself after sometime.
 
5.After completion of reboot ,run again the pre requisites tool ,it will check if any missing components of app fabric. Then proceed to below step.

 

         prerequisiteinstaller.exe /KB2671763:prerequisiteinstallerfiles\AppFabric1.1-RTM-KB2671763-x64-ENU.exe
 

Repeat 3 and 4 steps again. With this app fabric components successfully installed.

 

Thank You.

 

 

Importing Profile Pictures from AD to SharePoint 2013

Below are sequential steps to import profile pictures from AD to SharePoint My Sites.

1.       Create My Site Web Application and respective site collection with mysitehost as template

2.       Then provide the create permissions for everyone under user policy under the web application settings

3.       Then create managed path for the my site web application with wildcard inclusion.

4.       Then make sure you are running UPA service under the system services.

5.       Then create user profile service application

6.       Then start the user profile sync service under the services, this account should have been part of local admin group and allow logon policy under security policies.

7.       Then create connection to AD , here you need to provide forest name and service account which should have replication directory permissions on AD.

8.       Test connection and choose the respective OU users you would like to import

9.       Then navigate to the user properties and look for “picture” property ,under the mapping section choose above connection created and choose attribute as “thumbnail photo” and click on Add.

10.   Then start full sync

11.   Execute the below command

Update-SPProfilePhotoStore -MySiteHostLocation  <<mysitewebapp URL>> -CreateThumbnailsForImportedPhotos $true

 With the above steps , we should be ready with picture in my site profiles.

and pictures will be saved in three different sizes in the location

http://<<mysiteurl>>/_layouts/15/start.aspx#/User%20Photos

 

Secure Store Service Concept in SharePoint 2013

Why Secure Store Service Application in SharePoint ?

When data is stored in external source (anything other than SharePoint content database data is considered to be external ), SharePoint has to make separate request to display external data on SharePoint pages.

How this is achievable? This can be achievable with SharePoint Secure store service, it's important to understand that the username and password used to access external data stores may not be the same as the username and password used to access SharePoint.                                                                                                                                                                                                                    

When we are requesting data from external source from SharePoint, that user should be known to external data system, only then SP will be able to display the data.

The Secure Store Service is designed to create a background mapping between a group of users in SharePoint, and a single user known to the external data system

Note : Whatever the account (It is the single user account mentioned in above point ), that you have mentioned under set credentials section that should be given PSDATAACCESS on the respective external database.