We are having an issue where users who are already created in the system have changes made in AD, but those changes don't get sync'd into Sharepoint.
Example: Bill Smith moves jobs and get's added to the Site123_Members group in AD. However the next day Bill still doesn't have any permissions in this site, (and yes, the AD group is added to the Members group in SP).
We have the incremental sync job set to run every 5 minutes, but that doesn't seem to be doing anything for changes to pre-existing users. If we go in and manually kick off a Full sync then it works fine for the user.
On the User Profile sync set up job there is no option to schedule full syncs, but if you go in and look at the timer jobs it says there is the "User Profile Service Application - User Profile to SharePoint Full Synchronization" timer job, which is supposed to run Hourly. I don't think it's the one that controls the AD import, right?
So first off I'm curious if anyone has any suggestions for getting the incremental job to actually bring in AD changes, (as opposed to just new AD users).
Second does anyone have any suggestions for automating FULL sync jobs something like once a week until we can get this issue resolved? Usually we hear about this after someone has been having problems for a week or so anyway.