Today I came across a very odd issue where I had seen a number of missing SharePoint User Profiles missing from the Active Directory synchronization.

The problem was, the deleted Active Directory users were left in the User Profile database marked as deleted, but never deleted by the “My Site Cleanup Job”. You can query the UserProfile_Full table to determine which profiles have the bdeleted column set to 1.

A description of the timer job is displayed below:

It turned out that the solution was to ensure a My Site host had been configured as part of the farm setup, so that the missing profiles from import are correctly removed. The My Site Cleanup Job runs every hour,  by default, and even though the job looked as though it ran successfully it wasn’t actually performing the specified function.

You can follow this Microsoft TechNet Article to configure a My Site Host in your farm.

I recently came across an issue where I was unable to manage the SharePoint Service Applications within Central Administration. The error I received was as follows:

“The specified user or domain group was not found”

This symptom was caused by a user account which was removed from Active Directory, that was assigned to a Managed Metadata Service Application. The account in question was assigned administrator rights in the service application. I worked woth Microsoft to remedy the issue in my case after performing some initial steps to determine which service application was causing the problem.

To determine the problem, I first had to find out which service application was causing the message to appear. I followed these steps:

1 – Opened IIS Manager

2 – Navigated to Sites -> SharePoint Web Services

3 – Each Service application has a guid and in the basic properties, you can review the path of the web service to identify the service.

4 – The SharePoint diagnostic logs should correlate to the application ID with the error in question, and so should the application event logs.

5 – When you determine which service application is causing the issue, you can run the following SQL statement against your SharePoint configuration database (I used %Metadata%, as I was aware it was the Metadata Service application):

SELECT [Name], [Version], CAST([Properties] as xml)

From [SharePoint_Config].[dbo].[Objects] with (nolock)

Where [Name] LIKE ‘%Metadata%’

6) Click the properties column XML result and review the following sections:

<sFld type=”String” name=“m_SerializedAcl“>

7 – There should be some identities associated with the service application.

8 – Check each Identity Name in Active Directory to determine which one was removed.

8 – In some cases you should be able to re-create the account in Active Directory, since the service application is looking for a principle name, and not a SID. Ensure you synchronize your Active Directory Domain.

9) You should now be able to navigate to the service applications (providing the particular service application is looking for a principle name in Active Directory), and then remove the account from the service application permissions.

10) If the above solution does not work, you can create a new account, with a different name, and try the following stsadm command:

stsadm -o migrateuser -oldlogin {the domain\old users login name that was removed} -newlogin {the domain\new AD account} -ignoresidhistory

e.g. stsadm -o migrateuser -oldlogin corp\deleteduser -newlogin corp\newuser -ignoresidhistory

You can also use the SharePoint Management Shell if you prefer and use the Move-SPUser command.

Should the above remedy not work in your situation, I highly recommend logging your particular case with Microsoft Premier Support to resolve your issue.

I also highly recommend not to make any direct changes to the SharePoint configuration database via custom code or SQL statements, in order to keep a  supported SharePoint environment.

The architecture in SharePoint 2010 has completely changed from its predecessor, Microsoft Office SharePoint Server 2007 (MOSS). In the previous version of SharePoint a Shared Services Provider (SSP) was used to provide services for a group of applications which were associated to a SSP. These included the following services:

• Office SharePoint Server Search: Necessary to crawl web applications in order to index content into a single index.
• Excel Services: Used to provide access to Excel workbooks in trusted data connection libraries
• My Sites: Provide a method for web applications to leverage the mysite functionality
• Usage Data: A Central location to store site usage data
• Business Data Catalog: A schema for stored business data

A web application in this case would only be associated with one SSP.

In SharePoint Server 2010 the architecture has been redesigned to be far more flexible and scalable. The ‘Service Applications’ are now what make up the above Shared Services with some additional services included in the new version. These are as follows:

 (Read the full TechNet article here: http://technet.microsoft.com/en-us/library/cc560988.aspx)

Access Services	Lets users view, edit, and interact with Access 2010 databases in a Web browser.
Business Data Connectivity service	Gives access to line-of-business data systems.
Excel Services Application	Lets users view and interact withExcel 2010 files in a Web browser.
Managed Metadata service	Manages taxonomy hierarchies, keywords and social tagging infrastructure, and publish content types across site collections.
PerformancePoint Service Application	Provides the capabilities of PerformancePoint.
Search service	Crawls content, produces index partitions, and serves search queries.
Secure Store Service	Provides single sign-on authentication to access multiple applications or services.
State service	Provides temporary storage of user session data for SharePoint Server components.
Usage and Health Data Collection service	Collects farm wide usage and health data, and provides the ability to view various usage and health reports.
User Profile service	Adds support for My Site Web sites, profile pages, social tagging and other social computing features.
Visio Graphics Service	Lets users view and refresh published Visio 2010 diagrams in a Web browser.
Web Analytics service	Provides Web service interfaces.
Word Automation Services	Performs automated bulk document conversions.
Microsoft SharePoint Foundation Subscription Settings Service	Provides multi-tenant functionality for service applications. Tracks subscription IDs and settings for services that are deployed in partitioned mode. Deployed through Windows PowerShell only.

 

The farm services are now far more extensible and scalable and can be shared with other farms via service application proxies.

I’ll be writing more about service applications in future posts.