Sharepoint 2010 User Profile Syncronization Services can not syncronize user domain alias information correctly

If you have already running UPA and have correct sync connection than after changed NetBIOSDomainNamesEnabled true and already get full import but domain names still FQDN name instead of Netbios names.
(not any CU loaded)

Solution:
1) Check AD Replication Directory Changes Permission is set correctly .
see article:
http://blog.bugrapostaci.com/2011/04/27/checking-replication-directory-changes-for-account-by-powershell/

2) Clear all syncronization connections.

3) Clear all imported users
see article:
http://blog.bugrapostaci.com/2011/04/27/sharepoint-2010-delete-all-imported-profile-users-by-powershell/
4) Set NetBIOSDomainNamesEnabled true of your User Profile Service Application

$upsa = Get-SPServiceApplication –Id <Your UPSA id>
$upsa.NetBIOSDomainNamesEnabled=1
$upsa.Update()
# To get the GUID of the User Profile Service Application run Get-SPServiceApplication.

5) Reset OWSTimer and complete iisreset.

6) Recreate your synchronization configuration

7) Start Full Import.

Advertisements

Checking Replication Directory Changes for account by PowerShell

This power shell script checks Replication Directory Changes rights for specific user. You can use this script for detect sharepoint 2010 user profile service account has correct rights

Important !!!: this script not work with Domain Administrator’s accounts .

#Save to script a file named CheckRDC.ps1
usage syntax:
open Sharepoint 2010 PowerShell Console
PS> .\CheckRDC.ps1 “DOMAIN\username”

param( [string] $userName="")
function Check-ADUserPermission(
    [System.DirectoryServices.DirectoryEntry]$entry, 
    [string]$user, 
    [string]$permission)
{
    $dse = [ADSI]"LDAP://Rootdse"
    $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext)

    $right = $ext.psbase.Children | 
        ? { $_.DisplayName -eq $permission }

    if($right -ne $null)
    {
        $perms = $entry.psbase.ObjectSecurity.Access |
            ? { $_.IdentityReference -eq $user } |
            ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value }

        return ($perms -ne $null)
    }
    else
    {
        Write-Warning "Permission '$permission' not found."
        return $false
    }
}

# Globals

$replicationPermissionName = "Replicating Directory Changes"

# Main()

$dse = [ADSI]"LDAP://Rootdse"

$entries = @(
    [ADSI]("LDAP://" + $dse.defaultNamingContext),
    [ADSI]("LDAP://" + $dse.configurationNamingContext));

Write-Host "User '$userName': "
foreach($entry in $entries)
{
    $result = Check-ADUserPermission $entry $userName $replicationPermissionName

    if($result)
    {
        Write-Host "`thas a '$replicationPermissionName' permission on '$($entry.distinguishedName)'" `
            -ForegroundColor Green
    }
    else
    {
        Write-Host "`thas no a '$replicationPermissionName' permission on '$($entry.distinguishedName)'" `
            -ForegroundColor Red
    }
}

The synchronization account for a connection to Active Directory Domain Services (AD DS) must have the following permissions:

It must have Replicate Directory Changes permission on the domain that you will synchronize with. See Grant Replicate Directory Changes permission on a domain for instructions to grant this permission.

If the domain controller is running Windows Server 2003, the synchronization account must be a member of the Pre-Windows 2000 Compatible Access built-in group. See Add an account to the Pre-Windows 2000 Compatible Access group for instructions to grant this permission.

If the NetBIOS name of the domain differs from the domain name, the synchronization account must have Replicate Directory Changes permission on the cn=configuration container. See Grant Replicate Directory Changes permission on the cn=configuration container for instructions to grant this permission.

If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with. See Grant Create Child Objects and Write permission for instructions to grant this permission.

for more info :
http://technet.microsoft.com/en-us/library/ee721049.aspx

Sharepoint 2010 Delete all imported profile users by PowerShell

#PowerShell Script - Delete All User Profiles - SharePoint 2010
#The scripts is distributet "as-is." Use it on your own risk. The author give no warranties, guarantees or conditions.
 
 #Add SharePoint PowerShell SnapIn if not already added
 if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}


$site = new-object Microsoft.SharePoint.SPSite("http://blog.bugrapostaci.com:8090");  
$ServiceContext = [Microsoft.SharePoint.SPServiceContext]::GetContext($site);  

#Get UserProfileManager from the My Site Host Site context
$ProfileManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)  
$AllProfiles = $ProfileManager.GetEnumerator()  

foreach($profile in $AllProfiles)  
{  
    $DisplayName = $profile.DisplayName  
    $AccountName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value  
   
    #Do not delete setup (admin) account from user profiles. In this case account is 
    if($AccountName -ne "BLOG\Mossadmin")
    {
        $ProfileManager.RemoveUserProfile($AccountName); 
        write-host "Profile for account ", $AccountName, " has been removed"
    }

}  
write-host "Finished." 
$site.Dispose() 

note:this code is not belong to me thanks for that . I changed it a little .)

Sharepoint 2010 List all imported profile users by PowerShell

#PowerShell Script - List All User Profiles - SharePoint 2010
#The scripts is distributet "as-is." Use it on your own risk. The author give no warranties, guarantees or conditions.

 #Add SharePoint PowerShell SnapIn if not already added
 if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}
#Get ServiceContext from associated site
$site = new-object Microsoft.SharePoint.SPSite("http://blog.bugrapostaci.com:8090");  
$ServiceContext = [Microsoft.SharePoint.SPServiceContext]::GetContext($site);  

#Get UserProfileManager from the My Site Host Site context
$ProfileManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)  
$AllProfiles = $ProfileManager.GetEnumerator()  

foreach($profile in $AllProfiles)  
{  
    $DisplayName = $profile.DisplayName  
    $AccountName = $profile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value  

    #Do not delete setup (admin) account from user profiles.
    if($AccountName -ne "BLOG\Mossadmin")
    {
        write-host "Profile: ", $AccountName
    }

}  
write-host "Finished." 
$site.Dispose()

note:this code is not belong to me thanks for that . I changed it a little .)

User Profile Application Service not getting correctly domain\username when NetBIOS anb FQDN names different.

See the my article:

http://blog.bugrapostaci.com/2011/04/27/sharepoint-2010-user-profile-syncronization-services-can-not-syncronize-user-domain-alias-information-correctly/