Our domain name is: “COMPANYNAME”, we log in as “COMPANYNAME\username”.
If we do not sync user profiles from AD to SharePoint, the people picker shows our usernames everywhere on the site as “COMPANYNAME\username”.
Our forest name is Company.Corp.Net and our domain controller name is Controller.Company.Corp.Net.
Assuming everything works, after synchronizing with AD we should get users in SharePoint as such: (COMPANYNAME\username){Last, First}
But after synchronizing with AD we get users with the wrong domain name, as such: (Company\username){Last, First}
This occurs when your NetBIOS name is different from your domain name; in that case you must enable NetBIOS domain names on the corresponding User Profile service application. For more information about enabling NetBIOS names on a User Profile service application, see Get-SPServiceApplication.
The UPA property NetBIOSDomainNamesEnabled is used to control whether the CNC partition is included in the AD MA or not. By default it is false (not enabled) and the CNC and associated run steps are not included in the AD MA configuration. If it is enabled, then the CNC partition and run steps are included.
When editing a connection, the flag is ignored. If the CNC was included in the AD MA when it was created, then it will continue to be included in the AD MA. If the CNC was not included when the AD MA was created then it will never be included in the AD MA. This is important as it means if you screwed up on the initial setup, you’re going to be effectively deleting all users which had their SAMAccountNames formatted incorrectly.
“Enabling” NetBIOS domain names once a connection has been created requires deleting the connection and creating a new one with the flag turned on (set to 1 or true). Remember, and it’s worth repeating: if users were unintentionally imported with the flag turned off and you later turn it on, this will delete all the users whose SAMAccountNames were incorrectly formatted due to the NetBIOS domain name being incorrect, so keep your fingers crossed.
How To: Enable import of NetBIOS Domain Names
1. Using the 2010 SharePoint Management Shell:

    # Lists the service applications and their GUIDs
    Get-SPServiceApplication
    $UPA = Get-SPServiceApplication -Id <GUID of User Profile Service Application>
    $UPA.NetBIOSDomainNamesEnabled = 1
    $UPA.Update()

2. Delete the existing connection and “Create New Connection” on the “Synchronization Connections” page.
3. Perform a new “Start Profile Synchronization”.
Everyone’s SAMAccountName should now be using the correct NetBIOS naming convention of COMPANYNAME\username.
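A read-only check to run before deleting a connection and again after the new sync, added here as an example (it is not code from the original post): it reports the flag on each User Profile service application and counts imported profiles by domain prefix, so accounts imported as Company\username stand out. The site URL is a hypothetical placeholder, and the script assumes the SharePoint 2010 Management Shell and an account with Full Control on the User Profile service application.

```powershell
# Added example: audits the NetBIOS flag and the domain prefix of imported profiles.
# It only reads data; nothing is changed or deleted.
$expectedNetBios = 'COMPANYNAME'                # NetBIOS domain name used in the post
$siteUrl         = 'http://sharepoint.example'  # hypothetical: any site served by this UPA

# 1. Show the flag on every User Profile service application in the farm.
$upas = Get-SPServiceApplication |
    Where-Object { $_.TypeName -eq 'User Profile Service Application' }
foreach ($upa in $upas) {
    '{0} ({1}): NetBIOSDomainNamesEnabled = {2}' -f `
        $upa.DisplayName, $upa.Id, $upa.NetBIOSDomainNamesEnabled
}

# 2. Count the imported profiles by the domain part of AccountName.
$context = Get-SPServiceContext -Site $siteUrl
$manager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

$prefixCounts = @{}
$profiles = $manager.GetEnumerator()
foreach ($up in $profiles) {
    $account = [string]$up['AccountName'].Value
    # Drop a claims prefix such as "i:0#.w|" if one is present, then split DOMAIN\user.
    $account = ($account -split '\|')[-1]
    $parts   = $account.Split('\')
    if ($parts.Count -eq 2) { $prefix = $parts[0] } else { $prefix = '(no domain prefix)' }
    if ($prefixCounts.ContainsKey($prefix)) { $prefixCounts[$prefix]++ }
    else { $prefixCounts[$prefix] = 1 }
}

# 3. Report each prefix and mark the ones that differ from the NetBIOS name.
foreach ($entry in ($prefixCounts.GetEnumerator() | Sort-Object Value -Descending)) {
    if ($entry.Key -ieq $expectedNetBios) { $status = 'OK' }
    else { $status = 'MISMATCH: not the NetBIOS domain name' }
    '{0,-25} {1,6} profile(s)  {2}' -f $entry.Key, $entry.Value, $status
}
```

Any prefix reported as a mismatch identifies profiles that will be affected when the connection is recreated with the flag enabled.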
great article. thanks.
Can you elaborate on the CNC and AD MA acronyms? Not entirely sure what you meant by “If the CNC was not included when the AD MA was created then it will never be included in the AD MA.”
CNC is the Configuration Naming Context, the primary repository for configuration information for a forest that gets replicated to every domain controller in the forest. The root of the CNC is found in the configuration container, so in the example above with a http://corp.net the configuration naming context would be located at cn=configuration,dc=corp,dc=net
An MA is what is used when data moves from either the connector space to the metaverse or from the metaverse to the connector. Remember that SharePoint 2010 uses a very lightweight version of Forefront Identity Manager, and each MA contains its own connector space and can be configured with rules on how to process the data using either the SharePoint UPS connector UI in central admin (recommended) or, if you’re feeling brave, the miisclient UI on the server running the User Profile Synchronization (usually found here: “C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe”).
So long story short, if you didn’t set up your MA correctly to begin with to handle the NetBIOS name being different from the domain name, you’ll have to delete your current connectors in SharePoint and rebuild them in order for the configuration information to be included in your User Profile Sync because you can’t go back and edit it to include the configuration info. That’s why step #2 is important.
Hi. Great post.
My issue is that every user profile changes domain name after he logs in and I run Incremental Sync.
After full sync it's domain-a\user and after incremental sync (only if user logged on at least one time to site) it changes to domain-b\user
Any thoughts?
If we delete and recreate connection, will it delete current user profiles and import again?
what happens to Mysites…
If you leave your farm running as is, then yes, deleting the connection will delete the profiles. In order to preserve the profiles:
1. Disable the Mysite Cleanup timer job before you do anything
2. After the initial sync, profiles will be marked for deletion in the database (I think I have a post around somewhere on how to check what profiles are marked for deletion in the database, if not, good topic for later!)
3. Performing a full sync along with at least one incremental sync will switch the profile back to active.
4. It should now be safe to turn back on the Mysite Cleanup job.
Here is a good blog post from Kirk Evans that explains everything you ever wanted to know about the Mysite Cleanup Timer Job: http://blogs.msdn.com/b/kaevans/archive/2012/06/25/top-recommendations-for-managing-the-my-site-cleanup-timer-job.aspx
This perfectly answered the issue we had. Thank you very much
Thank you!
I recreated my User Profile Service and forgot this step. All the profiles were deleted when the MySite Cleanup Timer Job ran.
I restored the Profile and Social DBs, Exported the User Photos library out of the MySite Content DB backup, recreated the User Profile Service using the restored DBs, completed your step to use NetBIOSNames and all was fine.
I imported the photos library backup into the MySites to restore all the photos that were deleted