User Profile Synchronization Architecture
While delivering our SharePoint 2013 User Profiles internal trainings, I realized how many components take part in synchronization, and how difficult it is for non-graphical learners to assimilate the architecture.
I sketched the diagrams below to help me remember the various components and their role. I hope this will help others understand the mechanisms of user profile synchronization.
The “System Job to Manage User Profile Synchronization” can also refered to as “ILMProfileSynchronizationJob”.
| Name | {name of the UPA_} ProfileSynchronizationJob |
| DisplayName | {name of the UPA} - System Job to Manage User Profile Synchronization |
| Description | This timer job manages provisioning, run steps and additional tasks related to User Profile Synchronization. DO NOT CHANGE the information or frequency of this job. If you need to change how often incremental synchronization is done, access the user interface through the User Profile Service admin page, and click on the "Schedule Incremental User Profile Synchronization" link under the "Synchronization" category. |
Provisioning of the ForeFront Identity Management synchronization
The first diagram is about the provisioning of the FIM.
The "System Job to Manage User Profile Synchronization" timer job starts the one-time ProfileSynchronizationSetupJob timer job.
| Name | ProfileSynchronizationSetupJob |
| DisplayName | Provision User Profile Synchronization Service |
Synchronizing
The second diagram is about the synchronization itself.
The " System Job to Manage User Profile Synchronization" timer job starts the “User Profile Incremental Synchronization” timer job.
| Name | {name of the UPA_} ProfileImportJob |
| DisplayName | {name of the UPA} - User Profile Incremental Synchronization |
| Description | This timer job will run at the specified interval to synchronize user, group and group membership changes between the User Profile Application and specified directory source (such as Active Directory or LDAP). Synchronization will look for changes since the last time this job was run and only perform these |
Note the User Profile Incremental Synchronization timer job uses WMI to communicate with MIIServer.exe. SharePoint’s Management Agent (MA) logic is in Microsoft.office.server.UserProfiles.ManagementAgent.dll.
The terminology could also be confusing for SharePoint engineers, as it is based on “FIM” point of view:
- Import: getting data from connected directory to connector space
- Export: getting data from the connector space to the connected directory.
Keep in mind it is not supported to modify the content of the databases. Doing so may corrupt your data!
Comments
Anonymous
March 20, 2014
May I use your diagrams on my blog? I want to explain it in Chinese and of course I will refer your blog in the article. Thank you!Anonymous
March 24, 2014
Thanks for this good explanation. Faisal Masood http://www.FaisalMasood.comAnonymous
July 03, 2014
Thanks all for your comments! @Mark, you can reuse the diagrams, no problem with that.