[Sync with Active Directory (AD)]
One of the project which I was assign to asked to to build a web part which shows user details like Title,First Name,Last Name, Dep .. etc. Employee records or data should pull from the Active Directory (So what is this Active directory : Simply, Active Directory (AD) is a directory service created by Microsoft for Windows domain networks.)
To do that couple of approaches came on to the table.
- Directly Deal with AD and Get the Data we want by sending some kind of searching mechanism.
- Create Time Job and pull all the data from a Active directory and inject them in to a list then using that list we can achieve the task.
- Using Profile Service.
First two options has couple of draw backs.
Option One : Directly deal with AD - sure we can do this but it's a kind of a slow process. and it might hit performance of the Application as well as AD it self. AD has not been designed to work as a efficient Data Base (it's purpose id different).
Option Two: Create Timer Job. - Yes we can do this also and it's a mature process than directly dealing with AD, but we might face some issue with "List View Threshold" Eg: Imagine we got about 7000 records for one searching, if List View Threshold is 5000 (Default) then we might get exception. And to overcome this we had to change the settings for the application (Read more [ How to Change the List View Threshold and Other Resource Throttling Settings]). and this is a little bit pain process and takes time. Even user need to add more properties for the list and map them with Current Ad attribute. then we had to change the things from code level and re run it again.
When you consider on Option Three: Using User Profile Service, "Yes" it's more Reliable and customization is easy. The most happiest part is it's design to address similar kind of situations which we are talking.
How to Sync ??
Go to the Central Administration > Application Management
(Left Panel) > Click on Manage Service Application.
Then Click on User Profile Service Application which you are
going to sync with Active directory.
There you can see some details as following on the Right
Corner . if you see some miner number under the Number of User Profiles, it
means that this Service has not been synced with AD.
|
|
|
Then Go to the ‘Configure Synchronization Connections’ and
Try to add new connection by click on Add New Connection.
If you get error message saying User Profile
Synchronizing service not running Then
we have to Up the service.
To Do that Go to the System Settings > Manage Service On
Server.
The you will see that User Profile Synchronizing service is
in Stop state.
Click
on Start then you get following window, give the credential for that, and then
click ok.
Then
You will see that service status is changing to “starting”.
Then you have to wait few minutes (it’ll take 5 – 10 min).
Till it completed (Once it completed you see status as “Started”).
Then again go to the User Profile Service and click on Configure
Synchronization Connections then click on Add New Connection (Now you can see
New connection Adding Window will open up [coz service has stared ])
Then Fill Following fields Forest name, Account name,
Password.
Onece it done click on Populate
Cotainers button the it’ll reach the Active Directory and populate groups and
categories.
You can select the categories or Groups which you need to
sync (in here I checked domain which sync all the domain records)
Then clicks ok and it’ll take some time to adding the new
connection.
Then go to the User Profile Service again and clicks on
starts profile synchronization.
You can see Profile
synchronization Status changed into “Synchronizing”
Once it done go to the Manage User Profile and try to search
a user you will get details on that particular person.
This is how we can Sync User Profile Service with Active
Directory.
Next question you might ask from me "How to Deal with User Profile Service in code Level" - no worries guys I'll explain that in my next posts.
ok That's It ...
HAPPY CODING
No comments:
Post a Comment