About UserNotFoundException during a SharePoint AD LDS (LDIF) sync operation

You are trying to configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file in SharePoint 2013, following this article: http://technet.microsoft.com/en-us/library/ff959234.aspx. You have successfully used this method in your SharePoint 2010 farm; however, when you configure it in SharePoint 2013 and attempt a synchronization, you get an ma-extension-error.

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.AggregateException: One or more errors occurred. ---> Microsoft.Office.Server.UserProfiles.UserNotFoundException: A user with the specified SID could not be found in the domain.  Check the spelling of the account name 'johnd@contoso.com' and try again. ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
at Microsoft.Office.Server.Utilities.Win32.AdvApi.LookupAccountName(String lpSystemName, String lpAccountName, IntPtr Sid, Int32& cbSid, StringBuilder ReferencedDomainName, Int32& cchReferencedDomainName, SID_NAME_USE& peUse)

Reason for this error

The objectSid attribute was not included in the LDIF file.  The objectSid is required in SharePoint 2013 to process the accounts listed in the LDIF file.

Resolution:

1. Go to the LDIF MA, right click and select properties
2. Select Configure Attributes
3. Select New
a. Name: objectSid
b. Type: Binary
c. Select Ok
4. Go to the LDIF MA, right click and select properties
5. Now Select “Define Object Type”
6. From the Object types: select user and click Edit
7. Select objectSid and put it into the May have attributes:
8. Select OK
9. Select Configure Attribute Flow
10. Expand the user object
11. From the Data source attribute, select objectSid
12. From the Metaverse attribute, select objectSid
13. Mapping Type is Direct
14. Flow Direction is Import
15. Select New
16. objectSid displays in the Configure Attribute Flow
17. Select OK
18. Right click the MOSS MA and select properties
19. Select Configure Attribute Flow
20. Verify that the SID to objectSid attribute flow exists
21. Select OK
22. Open your LDIF file for edit
23. Add the objectSid to your accounts
24. Save the file
25. Run a Full Sync

An example from my test LDIF file

dn: CN=John Doe,CN=Roles,CN=Partition,DC=Contoso,DC=COM
changetype: add
displayName: John Doe
userPrincipalName: johnd@contoso.com
sn: Doe
mail: johnd@contoso.com
givenName: John
objectClass: user
objectSid:: AQUAABTfkXMrX0BU0ChCzd4FhEeWw8XrYl1T+Q==

How do you find the correct SID? You need to extract the correct SID from AD LDS:
ldifde -f "c:\import.ldif" -s "localhost:389" -d "CN=partition,dc=contoso,dc=com" -r "(objectClass=user)" -l "dn,changetype,displayName,userPrincipalName,mail,givenName,sn,objectSid"
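
The following pre-flight check is an added example, not part of the original post: it reads an LDIF file's text before a Full Sync and reports every user entry whose objectSid is missing or does not decode to a well-formed binary SID. The function name Test-LdifObjectSid and the Jane Roe entry are made up for illustration; the John Doe entry is the one from the test file above.

```powershell
# Added example, not part of the original post. Test-LdifObjectSid is a
# hypothetical helper name; the Jane Roe entry is constructed sample data.
$ldif = @'
dn: CN=John Doe,CN=Roles,CN=Partition,DC=Contoso,DC=COM
changetype: add
userPrincipalName: johnd@contoso.com
objectClass: user
objectSid:: AQUAABTfkXMrX0BU0ChCzd4FhEeWw8XrYl1T+Q==

dn: CN=Jane Roe,CN=Roles,CN=Partition,DC=Contoso,DC=COM
changetype: add
userPrincipalName: janer@contoso.com
objectClass: user
'@

function Test-LdifObjectSid([string]$Text) {
    # Undo LDIF line folding (a continuation line starts with one space).
    $unfolded = $Text -replace '\r?\n ', ''
    # Entries are separated by one or more blank lines.
    foreach ($entry in ($unfolded -split '(?:\r?\n){2,}')) {
        if ($entry -notmatch '(?im)^objectClass:\s*user\s*$') { continue }
        $dn = '<no dn>'
        if ($entry -match '(?im)^dn:\s*(.+?)\s*$') { $dn = $Matches[1] }
        $status = 'OK'; $sidText = $null
        # "::" marks a base64-encoded value, which is how LDIF carries binary data.
        if ($entry -match '(?im)^objectSid::\s*(\S+)') {
            try {
                $bytes = [Convert]::FromBase64String($Matches[1])
                # The constructor checks the revision and sub-authority count.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
                if ($sid.BinaryLength -ne $bytes.Length) { throw 'trailing bytes' }
                $sidText = $sid.Value
            } catch { $status = 'INVALID objectSid' }
        } else { $status = 'MISSING objectSid' }
        New-Object psobject -Property @{ DN = $dn; Status = $status; Sid = $sidText }
    }
}

Test-LdifObjectSid $ldif | Format-Table Status, Sid, DN -AutoSize
```

To check a real file, pass its contents instead of the sample text, for example with [IO.File]::ReadAllText on the path you exported to.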

Unable to sync user titles for Welcome name in SharePoint

Hello,

If you are facing this problem, you may want to read my previous post.
http://blog.bugrapostaci.com/2011/06/22/sharepoint-2010-change-your-display-of-wellcome-name

In this post I am adding another PowerShell script that detects and fixes these problems as a workaround.

# THIS CODE-SAMPLE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
# FITNESS FOR A PARTICULAR PURPOSE.

# Add the SharePoint PowerShell snap-in if it is not already loaded
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# The site URL is the only argument
if ($args.Length -eq 0) {
    write-host "Usage : Missing <SiteUrl>"
    exit
}

# Counters for the summary printed at the end
$MissMatchCount = 0
$NoProfile = 0
$NoPrefferedName = 0
$TotalUser = 0
$Matched = 0
$Fixed = 0

write-host "Initializing..."
$site = new-object Microsoft.SharePoint.SPSite($args[0])
$ServiceContext = [Microsoft.SharePoint.SPServiceContext]::GetContext($site)
$ProfileManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)

# Compare every site user with the matching entry in the profile store
foreach ($siteUser in $site.RootWeb.SiteUsers)
{
    write-host "Checking -> AccountName: " $siteUser.LoginName " ID:" $siteUser.ID
    try
    {
        $profile = $ProfileManager.GetUserProfile($siteUser.LoginName)
    }
    catch
    {
        # No profile for this login: count it and move on
        write-host "Unable to get profile for user" $siteUser.LoginName -foregroundcolor red
        $NoProfile++
        $TotalUser++
        Write-host "-------------"
        continue
    }

    $AccountName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value
    $PreferredName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::PreferredName].Value

    write-host "Profile Data -> Account: " $AccountName " DisplayName:" $siteUser.DisplayName " PreferredName:" $PreferredName

    if ($AccountName -ne $siteUser.LoginName)
    {
        write-host "Account Mismatch -> LoginName: " $siteUser.LoginName " Profile Account:" $AccountName -foregroundcolor red
    }

    if ($PreferredName -ne "NONE")
    {
        if ($PreferredName -ne $siteUser.DisplayName)
        {
            # Display name on the site differs from the profile's preferred name
            write-host "Mismatch :" $siteUser.LoginName " DisplayName:" $siteUser.DisplayName " PreferredName:" $PreferredName -foregroundcolor yellow
            $MissMatchCount++

            #Set-SPUser -identity $siteUser.LoginName -Displayname $PreferredName -web $args[0]
            #$Fixed++
        }
        else
        {
            Write-host "OK"
            $Matched++
        }
    }
    else
    {
        $NoPrefferedName++
    }
    Write-host "-------------"
    $TotalUser++
}

Write-host "Results"
write-host "Total User : " $TotalUser
write-host "Total Matched User Count : " $Matched
write-host "Total Fixed User Count : " $Fixed
Write-host "Total Mismatch User Count : " $MissMatchCount
Write-host "Total Missing Profile User Count : " $NoProfile
write-host "Total Empty Preferred Name User Count : " $NoPrefferedName

# Release the SPSite object
$site.Dispose()

To enable the fixing option, just activate these lines by deleting the "#" character.

#Set-SPUser -identity $siteUser.LoginName -Displayname $PreferredName -web $args[0]
#$Fixed++

Usage is simple:
Save the script to your drive as a .ps1 file.

C:\> .\syncuser.ps1 <SiteUrl>
Example:
C:\> .\syncuser.ps1 http://blog.bugrapostaci.com

PS: Getting the output into a text file is a little tricky, but you can do it like this.
Start a Command Prompt (not PowerShell!)
Type the following command:
C:\> powershell .\syncuser.ps1 http://blog.bugrapostaci.com > .\results.txt

MOSS 2007 – Welcome name is not updated problem.

This is a very well-known problem. Even if you run a full profile import on SharePoint 2007, users whose name property has changed in AD are not updated in the welcome name on your site.
First of all, you have to determine whether the problem lies in the connection between SharePoint and AD. If you see the updates correctly in the Profile Store in the SSP but they do not affect the welcome name, this article may help you. If the Profile Store is not updated correctly, that is another problem and out of scope for this article.

So what can you do:

Here are the commands to force the sync operations.

stsadm -o sync -ignoreisactive 1
stsadm -o sync -deleteolddatabases 0
stsadm -o sync -synctiming m:5
stsadm -o sync -sweeptiming m:5
stsadm -o sync

Wait at least 5 minutes, then check.

You can get more information about the stsadm -o sync operation here:
http://technet.microsoft.com/en-us/library/cc263196(office.12).aspx
If this does not solve your problem, you can use the following tool as a workaround:
http://blog.bugrapostaci.com/2012/01/22/sharepoint-tools-wsscontentdbsync-v1-0-command-line-tool/