I have configured my ldap to LDAP://ou=Test,dc=iwsdomain,dc=com
The user on the Access Account tab has Manage User Profile rights in SharePoint and has the rights to Read/Write General, Profile and Personal and telephone properties in AD.
There is one user in ou=Test. It skips every user in the domain and fails on the one user with an error of Access Denied.
I'm stuck. Any ideas?
Fixed this by using a domain admin account instead of a MOSS account, and granted the domain admin account manage profiles.
Hello tswift,
I believe what occurred is that the account you used in the Access tab also needs to be a member of the local Administrators group. We apologize if this requirement is not properly defined in our documentation. If you prefer to use a user of more limited access, please try adding this user to the Local Administrators group and try the sync again.
Let us know how it goes,
Jeff Kozloff
Hi Jeff,
Just some further feedback for the application notes doco.
The LDAP connection string examples at the bottom of page 11 include a trailing comma, e.g. DC=com,
My connection string did not work with that; I had to remove the trailing comma to make it work.
e.g. LDAP://DC=group,DC=company,DC=local,DC=com
Cheers,
Gavin
Hi,
I recently discovered that in our installation, the User Profile Sync tool was unable to update some of the accounts.
In the log file under Program Files, the message "Access denied" appeared:
<Content DateTime="18.01.2010 00:45:05" Account="LM\nohho1" Content="Error update nohho1.: Access is denied" />
In the log file under the user's folder under Documents and Settings, the following was displayed when trying to sync one of the users that had problems being synchronised:
SPProfileADSync 18.01.2010 00:45:05 ==> LM\nohho1--- Before Update - Address : --- After update - streetAddress : --- Before Update - City : --- After update - l : --- Before Update - Company : --- After update - company : --- Before Update - Department : --- After update - department : --- Before Update - Fax : --- After update - facsimileTelephoneNumber : --- Before Update - HomePhone : --- After update - homePhone : --- Before Update - Extension : --- After update - ipPhone : --- Before Update - CellPhone : --- After update - mobile : --- Before Update - State : --- After update - st : --- Before Update - Title : --- After update - title : --- Before Update - WorkPhone : --- After update - telephoneNumber : --- Before Update - Zip : --- After update - postalCode : --- Update Entry Exception: Access is denied.
The account (LM\nohho1) has no "admin" memberships, i.e. Domain Admin or Account Operator, etc.
The account set to be used to synchronize had Account Operator access in the domain, as well as membership in the local Administrators group. Finally, I decided to boost the access level for this user to Domain Admin, and the tool was able to synchronize all users.
Shouldn't it be enough to be a member of the Account Operator group? In my opinion, Domain Admin seems like overkill.
Thanks for any feedback!
Regards,
Frank-Ove
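Added example, not part of the original thread and not Bamboo's code: a small triage script for the two log formats quoted in the post above. It lists the accounts whose update was denied and the AD attributes the tool tried to write for them, as a starting point for reviewing what the sync account is actually being asked to modify. The sample lines are constructed from the formats shown in the post; the second `<Content>` entry and its wording are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input in the two formats quoted in the thread.
APP_LOG = r'''
<Content DateTime="18.01.2010 00:45:05" Account="LM\nohho1" Content="Error update nohho1.: Access is denied" />
<Content DateTime="18.01.2010 00:45:09" Account="LM\exampleuser" Content="Update exampleuser." />
'''
USER_LOG = r'''
SPProfileADSync 18.01.2010 00:45:05 ==> LM\nohho1--- Before Update - City : --- After update - l : --- Before Update - Title : --- After update - title : --- Update Entry Exception: Access is denied.
'''

ENTRY = re.compile(r"==>\s*(?P<account>\S+?)---(?P<body>.*)")
AFTER = re.compile(r"After update - (\w+)\s*:")


def denied_accounts(app_log):
    """Return accounts whose <Content> entry reports an access-denied error."""
    denied = []
    for line in app_log.splitlines():
        line = line.strip()
        if not line.startswith("<Content"):
            continue
        try:
            entry = ET.fromstring(line)
        except ET.ParseError:
            continue  # skip truncated or malformed entries
        if "access is denied" in entry.get("Content", "").lower():
            denied.append(entry.get("Account"))
    return denied


def attributes_written(user_log):
    """Map each denied account to the AD attributes the tool tried to write."""
    result = {}
    for line in user_log.splitlines():
        m = ENTRY.search(line)
        if m and "Update Entry Exception: Access is denied" in m.group("body"):
            result[m.group("account")] = AFTER.findall(m.group("body"))
    return result


if __name__ == "__main__":
    print("Denied:", denied_accounts(APP_LOG))
    for account, attrs in attributes_written(USER_LOG).items():
        print(account, "->", ", ".join(attrs))
```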
I believe making this user a member of the "local administrators" group of the domain server would be sufficient.
Hello All,
There are a couple of things you want to check for our product to run successfully:
In the Shared Services Provider that you are connecting to, open Personalization Services Permissions and confirm that the account you define to run the User Profile Application has the Manage User Profiles right.
Make sure the account is a member of the Local Administrators group on the server where the application is running.
In Active Directory, make sure the account has at least the rights to Read All Properties and Write All Properties for User Objects.
Another item: if you are running the application manually (not using the Unattended option), go to the actual EXE in C:\Program Files\Bamboo Solutions Corporation\Bamboo User Profile Sync\. Right-click on Bamboo.SPProfileADSync.exe and select Run As. Uncheck the box Run this program with Restricted Access and click OK.
Let us know if this helped resolve this issue.