search

pnp / PnP-Tools

Scripts and tools for Office 365 and SharePoint - More for IT Pro's
MIT License
517 stars 395 forks source link

UserProfile.MIMSync is not able to create a 2nd connector for 2nd AD Forest. #192

Open syberslick opened 6 years ago

syberslick commented 6 years ago

I'm trying to use this script to setup MIM2016 and it works fine for my first AD Forest but when I try to run it again to add my other AD Forests into MIM, it errors out. We have 5 AD Forests due to company migrations and I need to sync them all. This script is awesome but only awesome if you have 1 AD Forest. Is it possible to change it to work with multi forest setup?

harbars commented 6 years ago

Yes, the intent is to include multi-forest support in the future. However this means a substantial reworking of the toolkit as it currently stands, so we are still in the planning stages for this.

Hth s.

From: syberslick notifications@github.com Sent: 12 September 2018 16:45 To: SharePoint/PnP-Tools PnP-Tools@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [SharePoint/PnP-Tools] UserProfile.MIMSync is not able to create a 2nd connector for 2nd AD Forest. (#192)

I'm trying to use this script to setup MIM2016 and it works fine for my first AD Forest but when I try to run it again to add my other AD Forests into MIM, it errors out. We have 5 AD Forests due to company migrations and I need to sync them all. This script is awesome but only awesome if you have 1 AD Forest. Is it possible to change it to work with multi forest setup?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/SharePoint/PnP-Tools/issues/192, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AMTlCT_Wl7C3x1t1LnYNKCjxDTyTRD5dks5uaSwJgaJpZM4Wlqx9.

syberslick commented 6 years ago

Yes... I started to dig into it and try to rework it for multi-forest setup but was not able to get it working. Please also keep in mind multi-SPFarms to sync with. I'm sure others as well have more than 1 farm that want to consume from the same MIM setup.

andikrueger commented 6 years ago

You can have a look at this issue: #10 I did rework the current script to be able to use it with multi-SPFarms.

craig-martin commented 5 years ago

Is there good PowerShell or API coverage to do CRUD operations on user profiles in SharePoint yet? If so I can reword this solution to depend on the ActiveDirectory PowerShell module instead of MIM Sync. Last I checked (2015?) it was not obvious.

harbars commented 5 years ago

Unfortunately, not really.

Sadly there are no changes to the core User Profile subsystems since the SP2016 release, thus we have two supported options:

  1. The User Profile Import Export Web Service – legacy ASMX – this is what the SP MA uses itself and is the “recommended” extensibility point, despite numerous fundamental flaws and bugs.
  2. UserProfileManager – SSOM – not fully documented but relatively easy to figure out – obviously requires any code to run on the SP box – not recommended for a litany of reasons I won’t bore anyone with here

There are approaches which wrap the above – e.g. the PnP PowerShell – but they don’t make sense in the context of the goals of the MIMSync toolkit, and indeed for On Premises don’t offer the functionality required. There is no getting away from dealing with the legacy web service in almost all key customer deployments.

If “all” a customer wants is a more flexible import/export to AD only without the need for MIM then there are plenty of solutions out there already.

s.

From: Craig Martin notifications@github.com Sent: 14 February 2019 16:51 To: SharePoint/PnP-Tools PnP-Tools@noreply.github.com Cc: Spencer Harbar spence@harbar.net; Comment comment@noreply.github.com Subject: Re: [SharePoint/PnP-Tools] UserProfile.MIMSync is not able to create a 2nd connector for 2nd AD Forest. (#192)

Is there good PowerShell or API coverage to do CRUD operations on user profiles in SharePoint yet? If so I can reword this solution to depend on the ActiveDirectory PowerShell module instead of MIM Sync. Last I checked (2015?) it was not obvious.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/SharePoint/PnP-Tools/issues/192#issuecomment-463702157, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AMTlCY7kVyk-gFwopFuUQB21XmMa1Awlks5vNZPxgaJpZM4Wlqx9.

craig-martin commented 5 years ago

Thanks for the reply!

MIM is complex and overkill for this scenario, I was wondering if something smaller would be worthwhile. Based on this, sounds like it isn't worth doing:

If “all” a customer wants is a more flexible import/export to AD only without the need for MIM then there are plenty of solutions out there already.