Saturday, November 5, 2011

Synchronize properties of SPUser with AD without User profiles synchronization in SharePoint

In production you may face a situation where the User profiles service is not enabled for your web application, e.g. if you are developing an Internet solution that doesn't require intensive use of the UPS (most often UPS is utilized for Intranet and Extranet solutions). However, you may still need user properties to be synchronized with AD. E.g. if you send emails using the SPUser.Email property, you may want to keep it in sync. In this article I will show how to do it manually, but you can use these materials to automate the process (e.g. create a SharePoint timer job which performs similar actions programmatically).

For tests, let's create a “Test User” user in AD with the email “test@example.com”.

Also for tests we will need a SharePoint list with a “Person or Group” field, e.g. a Subscription list with a Recipient column.

The key element in our example is the User Information List, a hidden list available at the following URL: http://example.com/_catalogs/users/simple.aspx, where example.com is the name of your SharePoint site.

It contains the list of all users that exist in your site collection (as you know, in SharePoint a site collection is a security boundary which contains its own set of users and groups). At this point there is no Test User in it yet. Let's go to the Subscription list and add this user.

After that, return to the User Information List and refresh the view.

Now it contains Test User. And if we check the properties of the user in this list, the email will be “test@example.com”.

Now suppose that we need to change the email of the user. Remember that we don't have profile synchronization, so we need another mechanism to achieve it. There are several possible options:

  • we can change the email without synchronizing from AD, i.e. just edit the Email property directly in the User Information List. However, you will need to do it in every site collection separately
  • delete the user from the User Information List and re-create it (see below)
  • if you want to automate the process, you can delete the user from the SPWeb.AllUsers collection programmatically and call EnsureUser() in order to re-create the SPUser (I am not sure whether calling EnsureUser() without deleting the user first will synchronize the properties)

Let's see how we can re-create the user manually. First, let's change the email of the user in AD from “test@example.com” to “test.user@example.com”.

Go to the User Information List, click on the user name and select “Delete User from Site Collection”. After that, go to the Subscription list, edit the item which we added earlier and click save (you may leave all values unchanged; what matters is that you force a save at this point). Test User will then appear in the User Information List again, and the email will be set to the new one, “test.user@example.com”.

An important point: if you delete a user from the User Information List, existing references to this user won't be broken. E.g. in our example, after we deleted the user from the User Information List, it stayed in the Subscription list item. Using this practice you can sync changes from AD in environments without User profiles synchronization.
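
The automated variant from the options list (delete the user from SPWeb.AllUsers, then call EnsureUser()) could look like the sketch below; it is an added example, not code from the original post. It goes one step beyond the text: deleting a user from a site collection also removes the user from its SharePoint groups, so the script records the group memberships and restores them after re-creation (permissions granted directly to the user are not restored). The function name Reset-SPUserFromAD, the URL and the login name are assumptions for illustration; run it in the SharePoint Management Shell on a farm server.

```powershell
# Added example (not from the original post).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Reset-SPUserFromAD is a hypothetical helper name.
function Reset-SPUserFromAD {
    param(
        [Parameter(Mandatory = $true)] [string] $WebApplicationUrl,
        [Parameter(Mandatory = $true)] [string] $LoginName  # exactly as stored in the site collection
    )
    # Users are scoped per site collection, so every site collection is processed separately.
    foreach ($site in (Get-SPSite -WebApplication $WebApplicationUrl -Limit All)) {
        try {
            $web  = $site.RootWeb
            $user = $web.AllUsers | Where-Object { $_.LoginName -eq $LoginName }
            if (-not $user) { continue }   # user was never added to this site collection

            # Deleting the user drops SharePoint group memberships, so record them first.
            $oldEmail   = $user.Email
            $groupNames = @($user.Groups | ForEach-Object { $_.Name })

            $web.AllUsers.Remove($LoginName)       # delete from the site collection
            $fresh = $web.EnsureUser($LoginName)   # re-create; properties are read from AD again

            foreach ($name in $groupNames) {
                $web.SiteGroups[$name].AddUser($fresh)
            }

            # One report row per site collection, useful as an audit trail of the change.
            New-Object PSObject -Property @{
                Site     = $site.Url
                OldEmail = $oldEmail
                NewEmail = $fresh.Email
                Groups   = $groupNames -join '; '
            }
        }
        finally {
            $site.Dispose()
        }
    }
}

# Usage with constructed sample values:
# Reset-SPUserFromAD -WebApplicationUrl 'http://example.com' -LoginName 'EXAMPLE\testuser'
```

Compare the Groups column of the output with the user's memberships afterwards, and review any item-level or site-level permissions that were assigned to the account directly.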

1 comment:

  1. Awesome post man! I updated the user in AD but had to remove / re-add in the site collection to get it to update
