What is SharePoint User Profile Synchronization?
A user's SharePoint profile is a collection of attributes that describe a user in an organisation. It records connections to other users or entities such as managers, workgroups, group membership, a user's interests, areas of expertise and many other user properties. A subset of these user properties is provided by Active Directory.

SharePoint 2016's built-in feature for importing user properties from Active Directory is called Active Directory Import. It is a unidirectional (one-way) import from AD to SharePoint only. SharePoint 2016 also allows you to connect to an external identity management system instead, such as Microsoft Identity Manager 2016 (MIM 2016). What if you want to flow user properties back to AD so they can be populated in other systems? That is where MIM 2016 SharePoint User Profile Synchronisation can help. It allows a bi-directional flow of supported user properties, which can be flowed into Active Directory and other configured connected systems.

MIM 2016, in its basic implementation, is a state-based identity management product designed to manage a user's digital identity throughout its lifecycle within an organisation. MIM has many other features, such as workflows, a user admin portal, a self-service password reset portal, privileged access management and many other identity-based features that are beyond the scope of this blog.

What’s involved and how easy is it to implement?
Recently, I implemented this solution for a customer over a few days; it's a fairly easy setup if planned well.

Planning
– Ensure the organisation knows which user properties it wants to flow and who is authoritative for each property (i.e. make sure the user property will not affect any downstream systems that connect to AD or SharePoint).
– Agree a test scope of users before rolling out to a full production implementation.
– Ensure you have the right administrative resources to deliver the solution.

Configure
– MIM 2016 Server with a SQL Server database
– Microsoft SharePoint Connector for PowerShell
– Create the Active Directory user attribute flows
– Create the SharePoint user attribute flows
– Create scheduled synchronisations according to the organisation's working pattern
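The last step, scheduled synchronisations, is usually a script run from Task Scheduler that executes the MIM run profiles in the right order: imports first, then synchronisation, then exports. The script below is an added example and is not code from the original post or from Microsoft; it uses the MIM Synchronization Service WMI interface (namespace root\MicrosoftIdentityIntegrationServer, class MIIS_ManagementAgent). The management agent names (ADMA, SharePointMA) and run profile names are assumptions and must match what is configured in Synchronization Service Manager.

```powershell
# Added example (not from the original post): run the MIM 2016 run profiles in order so that
# AD changes flow to SharePoint and SharePoint-authoritative changes flow back to AD.
# MA names and run profile names below are assumptions; change them to match your MIM configuration.

$Namespace = 'root\MicrosoftIdentityIntegrationServer'

# Order matters: both imports must land in the connector spaces before the synchronisation
# steps compute the changes, and exports run last so nothing half-synchronised is written out.
$Steps = @(
    @{ MA = 'ADMA';         Profile = 'Delta Import' },
    @{ MA = 'SharePointMA'; Profile = 'Delta Import' },
    @{ MA = 'ADMA';         Profile = 'Delta Synchronization' },
    @{ MA = 'SharePointMA'; Profile = 'Delta Synchronization' },
    @{ MA = 'ADMA';         Profile = 'Export' },
    @{ MA = 'SharePointMA'; Profile = 'Export' }
)

function Invoke-MimRunProfile {
    param(
        [Parameter(Mandatory)] [string] $MaName,
        [Parameter(Mandatory)] [string] $ProfileName
    )

    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent -Filter "Name='$MaName'"
    if (-not $ma) { throw "Management agent '$MaName' not found" }

    # Execute() blocks until the run finishes; ReturnValue is the run result string
    # ('success', 'completed-export-errors', 'completed-sync-errors', ...).
    $result = $ma.Execute($ProfileName).ReturnValue
    Write-Output ("{0} / {1}: {2}" -f $MaName, $ProfileName, $result)

    # Stop the whole sequence on anything other than a clean run, so a failed or partial
    # import is never followed by an export that writes bad data into AD or SharePoint.
    if ($result -ne 'success') {
        throw "Run profile '$ProfileName' on '$MaName' ended with '$result'"
    }
}

foreach ($step in $Steps) {
    Invoke-MimRunProfile -MaName $step.MA -ProfileName $step.Profile
}
```

Schedule this with Task Scheduler under a dedicated service account that is a member of the MIM Synchronization Service operators group (enough to run profiles, not to change configuration), and keep the scheduled task's output so a run that stops on a non-success result is noticed rather than silently leaving AD and SharePoint out of step.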

What can it allow in the future?
Implementing a basic MIM 2016 infrastructure allows you to scale the solution to provision or flow user properties to other connected systems. This can be further enhanced by implementing a full solution that provides business logic, workflow capabilities and other identity management features.

What does it cost?
For most of our enterprise customers, who have Azure Active Directory Premium (part of Enterprise Mobility + Security), it's included. For other customers who have a Windows Server 2016 licence with a server install, it's included as an add-on; however, Client Access Licenses (CALs) are required for each managed user identity.
