Often times, you may have custom attributes setup in Active Directory or some other source where your user profile information comes from.  Here’s how to map those custom attributes to profile properties in SharePoint 2010

• Log in to Central Administration
• Go to Manage Service Applications
• Click on your User Profile Service Application
• Click on ‘Manage User Properties’
• Scroll down the list of properties until you see the one you want to map and edit it.
• On the ‘Edit User Profile Property’ page, scroll to the bottom until you see the ‘Property Mapping for Synchronization’ section.
• If this section has the correct mapping listed then should go to Step 10.  If nothing is listed, then please proceed to the next step.
• The next section is the ‘Add New Mapping’ section.  Select the Source, Attribute, and Direction of the new mapping and click ‘Add’.  If no sources are available, ensure that you have setup the connection to your active directory instance.
• Once successfully added, click ‘OK’
• Go back to the User Profile Service Application page and start a Full Synchronization.
  • Start Profile Synchronization
  • Select ‘Start Full Synchronization’ and click ‘OK’.
  • Once the synchronization has completed, go to ‘Manage User Profiles’.
  • Find the name of the user you want to check for the imported attribute and choose ‘Edit My Profile’
  • Scroll down to the property that you imported and verify that the correct data is there.

SharePoint’s User Profile Synchronization service is by FAR it’s most complicated and painful part to deal with. It is a bear to setup, modify, and maintain. To add to that, if you are importing supplemental User Profile Properties from a BCS connection, like SQL, then you should know that importing URL and Person data types are not supported.

For example, if you have a SQL Table with a “Manager” field in it; you cannot import that field into the “Manager” Profile Property in SharePoint. There is a very ugly and unsupported way of doing this here, but I would not recommend it.

The best solutions?

1. Import these fields directly into AD from whatever connection your BCS connection is pulling from. This is fairly simple when using Microsoft’s AD API.
2. Create a Timer Job Definition that uses the BCS connection to get the Profile Properties from SQL and then use the SharePoint API to manually set the properties on each user’s profile.

Here’s a really good post that explains how the User Profile Synchronization service works.

A quick fix but one that required several different methods for resolution. When attempting to access an OWA mailbox hosted on an Exchange 2007 Server the following error is received by the user:

“A problem occurred while trying to use your mailbox. Please contact technical support for your organization.”

Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.

The fix was the following:

1. Open Active Directory Users & Computers on a Domain Controller.
2. Enable Advance features from the View Menu.
3. Find the affected user and click Properties.
4. Go to the Security Tab
5. Click the Advanced Button
6. Check the box next to “Inherit from parent. . . “

Click Apply and OK until all windows are closed. The user should now be able to access their OWA mailbox.

Recently eGroup worked on a project for a large software company that involved creating a XENAPP 6 Farm for several hundred users, including many located in the UK, the Netherlands, and also in Australia. A core requirement of this install was to enable timezone, currency, and date format localization for CRM and Sales Management software utilized by those remote users.

XENAPP 6 requires Windows 2008 Server R2 64-bit to run and many of the policies available through the Citrix Delivery Console require settings in the GPMC. Because the latest version of XENAPP relies heavily on Windows 2008 Server Roles and the client was not running a full 2008 AD many of these policies were not available on their AD server.

Read more >>

Manage Engine’s ADMANAGER PLUS is a simple to use and easy to operate Active Directory management application. As administrators responsible for AD look to add automated reporting, bring in automation (create, delete, and manage), and serve as the centerpiece during a compliance audit (SOX and HIPAA), then ADManager Plus is worth a good look.

Read more >>

Quest’s Spotlight on Active Directory offers proactive performance monitoring and real-time diagnostics for detecting, troubleshooting, and resolving a number of issues (performance, replication, availability, etc).

Read more >>

When you just created your SharePoint Shared Services Provider (SSP) and are trying to navigate to the admin page through Central Administration you can get prompted for credentials… The problem is, even using the Farm adminstrator credentials do not work and it results in a HTTP 401.1 unauthorized error. Not to worry, the fix is easy. The issue is a default security setting in Windows 2003. Open up your registry editor (regedit.exe) and go to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa. Add a new DWORD value called “DisableLoopbackCheck” and set the value to 1. Close out of the registry editor and restart IIS. Go back to your SSP admin site and you should be able to login now.