Blog Post

Microsoft SharePoint Blog
3 MIN READ

Sharepoint 2019 - Manager Field NOT updated when UPSA configured for External Identity Manager Syn

manjeshm's avatar
manjeshm
Icon for Microsoft rankMicrosoft
Sep 10, 2019

Configuring External Identity Manager is NOT new for Sharepoint.  There are multiple articles on how to configure External MIM with Sharepoint and get the User profiles Synched.  This article is NOT intended to discuss on how the configuration works, but this will help to understand how the manager information is updated to a profile. With Sharepoint 2019 , we see this functionality doesn’t work well too.

 

Let’s see how it works with Sharepoint 2016

When the User profile service application is set to Adimport mode

  • The user data is directly imported to upa.userprofile_full and upa.userprofilevalue tables accordingly.
  • However the Manager information is NOT saved directly to these tables as the manager value is again of a “person" property and not just a text or integer.
  • Hence this will be saved to upa.ProfileImportStagingPersonProperties table and will be processed in the POST processing stage.
  • The Timer job "UPA - User Profile ActiveDirectory Import Job " will do the import activity and once its completed the same job will process the data from the stagin table upa.ProfileImportStagingPersonProperties and saves it to Userprofile_full and UserprofileValue tables.
  • The timer job uses a stored proc IMPORTEXPORT_PostImportUserProperties  to process the Manager information from upa.ProfileImportStagingPersonProperties and save to Userprofile_full and UserprofileValue

When the User profile Service Application is set to MIM (External) import

  • The user data is directly imported to upa.userprofile_full and upa.userprofilevalue tables by the MIM (No Timer Job in SharePoint)
  • The manager information is saved to upa.ProfileImportStagingPersonProperties table as usual
  • But there is no Job to process the data from this staging table and writes to userprofile_full or userprofilevalue tables.
  • Hence in SP2016 , a new Timer job has been introduced to process this data when the UPA is set to MIM import - UPA-Updates Profile Memberships and Relationships Job
  • More information about this job, please referhttps://support.microsoft.com/en-us/help/3141517/february-21-2017-update-for-sharepoint-server-2016-kb3141517

When it comes to SharePoint 2019 , the functionality looks to be similar, we do have a similar Timer job to process the imported data,  however there seems to be a slight difference , here it is. 

 

 SP 2016

DisplayName                   

: UPA - Updates Profile Memberships and Relationships Job

Description                      

: Updates group membership and profile relationships with changes found in the directory.

Title                                    

: UPA - Updates Profile Memberships and Relationships Job

Name                                

: UPA_ExternalIdentityManagerMembershipsAndRelationshipsJob

TypeName                       

: Microsoft.Office.Server.UserProfiles.OM.ExternalIdentityManagerMembershipsAndRelationshipsJob

 

SP2019

DisplayName                   

: MIM_UPA - Updates Profile Memberships and Relationships Job

Description                      

: Updates group membership changes and Profile relationships from Active Directory into Profile Database.

Title                                    

: MIM_UPA - Updates Profile Memberships and Relationships Job

Name                                

: MIM_UPA_UpdateMembershipsAndRelationships

TypeName                       

: Microsoft.Office.Server.UserProfiles.ADImport.UpdateMembershipsAndRelationshipsJob

More information about the Job : refer https://joshroark.com/sharepoint-profile-sync-with-mim-managers-and-group-memberships-are-not-updated/

 

In a working scenario (that is Sharepoint Adimport mode) , you can see the following in the ULS logs (verboseEX mode)

SqlCommand: '[upa].[ImportExport_PostImportUserProperties]'    

CommandType: StoredProcedure CommandTimeout: 0

Parameter: '@correlationId' Type: UniqueIdentifier Size: 0

Direction: Input Value: '00000000-0000-0000-0000-000000000000'

 

In a non-working scenario (that's external MIM) , we do not see this call getting triggered. 

This issue is being reviewed by the concerned team at Microsoft and the work around for now is to enable the noilmused property.

Please make sure that NO Sync configuration (creating connection, property mapping etc) are setup from Sharepoint central admin when the User profile service application is set to NOILMUSED=1. 

 

 How to set the value?

$upa=get-spserviceapplicaiton <ID of UPA>

$upa.noilmused=1

$upa.update()

 

To reset

$upa=get-spserviceapplicaiton <ID of UPA>

$upa.noilmused=0

$upa.update()

 

Will update this once a permanent fix is announced

Updated Aug 27, 2020
Version 4.0
Support
  • Prabhat_Tunuguntla's avatar
    Prabhat_Tunuguntla
    Copper Contributor
    Mar 29, 2023

    After making noilmused property to True. I am getting error while making it to false. 

     

    Steps to make noilmused property to false.

    1) Go to user profile service application-> configure synchronization settings-> Enable External Identity Manager -> Ok.

    2)In the User profile service application -> right bottom you will see profile synchronization settings. below it you will get a message user profile service not provisioned message, means your profile service is in stopped state.

    3)Go to mange services on server-> Restart "User Profile Service" on all the server. Now check noilmused property it will be in the false state now.