Upgrade iLoveSharePoint Workflow actions for SPD to 2013

After test upgrading my Project Portal, I was not able to edit the custom workflow I had built in SPD using the iLoveSharePoint Workflow action from Codeplex (which is awesome btw).

I struggled a bit with this today but finally found the perfect solution if you want to upgrade this workflow action for SharePoint 2013. I use this workflow action to automate the creation of project sites at our company intranet and find it very useful.

So first start with adding and installing the wsp file again on the SP 2013 server:

Add-SPSolution d:\xxx.wsp    # wherever you store the wsp file
Install-SPSolution iLoveSharePoint.Workflow.Activities.wsp -GACDeployment -CompatibilityLevel {14, 15}

Then you need to also edit the web.config file (and I have had to do this for all my custom wsp files) and move this section:

into the “targetFx” section:


    
I did an IISRESET right after, and then made sure it got deployed in “Farm solutions” in CA.

When you open the workflow in SharePoint Designer 2010, this is what it should look like:

But when you open it in SPD 2013 you will have to add back the custom actions; they are gone, of course. So add back the custom actions, make sure the workflow looks like it should, and publish it again to your site:

Unexpected error when changing the Top Navigation

When I had all the problems with our Replicator, and after it was finally solved, it started replicating the map and navigation structure. I desperately tried to stop the replication because I could see that it was altering my Top Navigation, which I didn’t want. But the damage was already done, and I went into the Site Actions and Navigation and thought I would just change it back. Nooooo. After replication had changed it and I tried to stop it, something must have happened because I got this error message now:

“An unexpected error occured while manipulating the navigational structure of this Web”

 

So I could no longer change the Navigation, and all I wanted to do was to reorder it under “Global Navigation”. Another important thing, I could change the navigation on subsites! But not on the top site in my site collection.

Googled the error and found that this had been resolved with April CU 2013. Upgraded to that, but it did NOT resolve my problem.

Went through the ULS logs and it reported:

“System.Data.SqlClient.SqlException: Cannot insert duplicate key row in object ‘dbo.NavNodes’ with unique index ‘NavNodes_AltPK’. The duplicate key value is (25a584d5-0f03-4bb5-bdea-2e57030c7817, 4e340cbd-639b-4d6e-aa19-cdb73ac35a00, 1002, -7).  The statement has been terminated.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)     at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)     at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()     at System.Data.SqlClient.SqlDataReader.get_MetaData()     at System.Dat… 852bae04-377b-43d5-b8f5-f354a1eb54b2
10/01/2013 13:55:02.05* w3wp.exe (0x2C34)                        0x07A0 SharePoint Foundation          Database                       d0d6 High     …a.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)     at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)     at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)     at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)     at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)     at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)     at Microsoft.SharePoint.Utilities.SqlSe… 852bae04-377b-43d5-b8f5-f354a1eb54b2
10/01/2013 13:55:02.05* w3wp.exe (0x2C34)                        0x07A0 SharePoint Foundation          Database                       d0d6 High     …ssion.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)     at Microsoft.SharePoint.SPSqlClient.ExecuteQueryInternal(Boolean retryfordeadlock)     at Microsoft.SharePoint.SPSqlClient.ExecuteQuery(Boolean retryfordeadlock) 852bae04-377b-43d5-b8f5-f354a1eb54b2
10/01/2013 13:55:02.05  w3wp.exe (0x2C34)                        0x07A0 SharePoint Foundation          Database                       8z23 Unexpected Unexpected query execution failure in navigation query, HResult -2146232060. Query text (if available): “BEGIN TRAN DECLARE @abort int SET @abort = 0 DECLARE @EidBase int,@EidHome int SET @EidBase = 0 SET @EidHome = NULL IF @abort = 0 BEGIN EXEC @abort = proc_NavStructAllocateEidBlockWebId @wssp0, @wssp1, @wssp2, @EidBase OUTPUT SELECT @wssp3 = @EidBase, @wssp4 = @abort END IF @abort = 0 BEGIN EXEC @abort = proc_NavStructMoveNode ’25A584D5-0F03-4BB5-BDEA-2E57030C7817′,’4E340CBD-639B-4D6E-AA19-CDB73AC35A00′,4945,1002,-2,N’20130928 16:17:25′,@EidBase,@EidHome, @wssp5 OUTPUT SELECT @wssp6 = @abort END IF @abort = 0 BEGIN EXEC proc_NavStructLogChangesAndUpdateSiteChangedTime @wssp7, @wssp8, NULL END IF @abort <> 0 BEGIN ROLLBACK TRAN END ELSE BEGIN COMMIT TRAN END IF @abort = 0  BEGIN EXEC pro… 852bae04-377b-43d5-b8f5-f354a1eb54b2
10/01/2013 13:55:02.05* w3wp.exe (0x2C34)                        0x07A0 SharePoint Foundation          Database                       8z23 Unexpected …c_UpdateDiskUsed ’25A584D5-0F03-4BB5-BDEA-2E57030C7817′ END ” 852bae04-377b-43d5-b8f5-f354a1eb54b2
10/01/2013 13:55:02.05  w3wp.exe (0x2C34)                        0x07A0 SharePoint Foundation          General                        8kh7 High     An unexpected error occured while manipulating the navigational structure of this Web. 852bae04-377b-43d5-b8f5-f354a1eb54b2″

So values that the top navigation is using are duplicated in a table called “dbo.NavNodes” in the content db. Or are invalid somehow.
I opened the dbo.NavNodes table and copied all lines in it, to find that duplicate key “(25a584d5-0f03-4bb5-bdea-2e57030c7817, 4e340cbd-639b-4d6e-aa19-cdb73ac35a00, 1002, -7)” and it was just a page on the site, checked in and published. Cannot really see how this page would mess everything up; it has been there for quite a long time also.

I found an article that suggested to run a SQL query on the content db, to find the duplicates:

SELECT TOP (20) COUNT(nav.Eid) AS DuplicateCount, nav.DocId, ad.DirName, ad.LeafName
FROM NavNodes AS nav WITH (NOLOCK)
INNER JOIN AllDocs AS ad WITH (NOLOCK) ON nav.DocId = ad.Id
WHERE nav.EidParent = 1025 AND nav.DocId IS NOT NULL
GROUP BY nav.DocId, ad.DirName, ad.LeafName
ORDER BY DuplicateCount DESC

And the result was:

 
 
 

So I knew that some nodes were corrupt, and finally I found a useful article that really helped solve my problem. I ran this command a few times, carefully testing the Navigation between each run (go to Site Actions and Navigation and try to change the order in the Global Navigation). I had to run the script that deletes the nodes a couple of times (three):

Open PowerShell on the server, check the size of those objects at the top level:

$siteUrl = "http://server"
$spWeb = Get-SPWeb $siteUrl
# List the titles of the current Quick Launch and top navigation nodes
$spWeb.Navigation.QuickLaunch | ft Title
$spWeb.Navigation.TopNavigationBar | ft Title
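
Because the next two scripts delete every node, it is worth saving the current navigation to a file first so it can be re-created by hand afterwards. This is an added example, not part of the original post; the backup path and the helper name Get-NavNodeRows are assumptions for illustration:

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl    = "http://server"                  # same placeholder URL as in the post
$backupFile = "C:\Temp\navnodes-backup.csv"    # assumed path, adjust as needed

# Hypothetical helper: flattens a navigation node collection (and its children)
# into rows that record what is needed to re-create each node by hand.
function Get-NavNodeRows {
    param($Nodes, [string]$Bar, [int]$Depth = 0)
    foreach ($node in $Nodes) {
        [pscustomobject]@{
            Bar        = $Bar
            Depth      = $Depth
            Id         = $node.Id
            ParentId   = $node.ParentId
            Title      = $node.Title
            Url        = $node.Url
            IsExternal = $node.IsExternal
            IsVisible  = $node.IsVisible
        }
        if ($node.Children.Count -gt 0) {
            Get-NavNodeRows -Nodes $node.Children -Bar $Bar -Depth ($Depth + 1)
        }
    }
}

$spWeb = Get-SPWeb $siteUrl
try {
    $rows  = @(Get-NavNodeRows -Nodes $spWeb.Navigation.QuickLaunch -Bar 'QuickLaunch')
    $rows += @(Get-NavNodeRows -Nodes $spWeb.Navigation.TopNavigationBar -Bar 'TopNavigationBar')
    $rows | Export-Csv -Path $backupFile -NoTypeInformation -Encoding UTF8
    Write-Host "Saved $($rows.Count) navigation nodes to $backupFile"
}
finally {
    $spWeb.Dispose()
}
```

The Bar and Depth columns show which menu and level each node belonged to, so the CSV can serve as a checklist when rebuilding the navigation under Site Actions > Navigation.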
 
Then delete the QuickLaunch Nodes using this cmd:

$siteUrl = "http://server"
$spWeb = Get-SPWeb $siteUrl
# Delete every Quick Launch node on the top-level web
Foreach($node in ($spWeb.Navigation.QuickLaunch))
{
    Write-Host "The node title is" $node.Title
    $node.Delete()
}
$spWeb.Dispose()

Then delete the TopNavigationBar Nodes:

$siteUrl = "http://server"
$spWeb = Get-SPWeb $siteUrl
# Delete every top navigation node on the top-level web
Foreach($node in ($spWeb.Navigation.TopNavigationBar))
{
    Write-Host "The node title is" $node.Title
    $node.Delete()
}
$spWeb.Dispose()

The first time you run these commands you will get an error message, “Cannot complete this action”; just keep running them until it goes away:

 

You know when you should stop because then you don’t get a red error message any longer:

Now I went into the Site Actions > Navigation again on my site collection and now I could change the order and save.

Setup an app store in SharePoint

If you want to create your own SP app store, then you need to go through quite a few steps.
Here we go!

In Central Admin

First create a new app catalog site

 
I created one on http://server:2013/sites/apps  

Create the app mgmt service application and the Subscription service app

Create the subscription service app

$account = Get-SPManagedAccount domain\account

$appPool = New-SPServiceApplicationPool -Name SubscriptionServiceAppPool -Account $account

$serviceApp = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPool -Name "Subscription Settings Service Application" -DatabaseName "SubscriptionSettingsDB"

$serviceAppProxy = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $serviceApp

 
Then make sure the services are started, both for App Management and for Subscriptions

Then stop the Timer service

Restart the WWW service
Start the Timer service

Create an alias on your DNS (or use whatever apps domain you want), like apps.yourserver.com

Add that URL in the Configure Apps URL in CA and the prefix you wish to use (I chose “apps”)


On your site
Make sure Publishing site collection features are activated
When you choose “Add an app” and click on “From your organization”, any apps you have added should be visible now:

 

Search hangs on “Starting”

I think I know why this happened from the beginning. I got the warning message in Health Reports about having Admin accounts running the app pools or services. So I have corrected one account and now all these messages are gone. But that caused a new problem with Search Service. The error message was:

“Unable to retrieve topology component health states. This may be because the admin component is not up and running.”
 

Googled it, and found lots of articles about this error. Most suggestions were about installing hotfixes, adding permissions directly in the SQL db’s, changing environment variables, installing latest win updates etc etc.

But I had a feeling it had more to do with the accounts running the Search services or application pools. I had changed some of these from the farm account to a specific service account, for security reasons and because it is what MS recommends. But after I changed the SharePoint Search Host Controller back to the farm account (go to “Security”, “Configure service accounts” and select the “Windows Service – Search Host Controller Service”, and do an IISRESET afterwards), everything started working instantly.


Maybe not recommended, but I will keep it running like this. The message in the Health Analyzer has not come back so, so far so good.
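
To see what the Health Analyzer warning is about on a given server, the following lists which Windows services and service application pools run as the farm account and whether each account is a direct member of the local Administrators group. This is an added example, not part of the original post; the display-name patterns and the helper name New-AuditRow are assumptions for a SharePoint 2013 server:

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Farm account as registered in the farm configuration
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name

# Direct members of the local Administrators group (nested groups are not expanded).
# ADsPath looks like WinNT://DOMAIN/name and is rewritten to DOMAIN\name.
$adminGroup  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$localAdmins = @($adminGroup.Invoke('Members') | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    ($path -replace '^WinNT://', '') -replace '/', '\'
})

# Hypothetical helper: one report row per service or application pool
function New-AuditRow {
    param([string]$Kind, [string]$Name, [string]$Account)
    [pscustomobject]@{
        Kind          = $Kind
        Name          = $Name
        Account       = $Account
        IsFarmAccount = ($Account -eq $farmAccount)
        IsLocalAdmin  = ($localAdmins -contains $Account)
    }
}

$report = @()

# Windows services installed by SharePoint and its prerequisites (assumed name patterns)
$report += Get-CimInstance Win32_Service |
    Where-Object {
        $_.DisplayName -like 'SharePoint*' -or
        $_.DisplayName -like 'AppFabric*'  -or
        $_.DisplayName -like 'Forefront Identity Manager*'
    } |
    ForEach-Object { New-AuditRow 'Windows service' $_.DisplayName $_.StartName }

# Service application pools and the managed account each one runs as
$report += Get-SPServiceApplicationPool |
    ForEach-Object { New-AuditRow 'Service app pool' $_.Name $_.ProcessAccountName }

$report | Sort-Object Kind, Name | Format-Table -AutoSize
```

Rows where both IsFarmAccount and IsLocalAdmin are True are the ones running with the most privilege, which is the trade-off accepted by moving the Search Host Controller back to the farm account.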

Unable to start UPS due to Event 6398 on SP2013

This happened on a fresh install of SharePoint 2013 on a Win 2012 server, without any CU’s applied. When I started the User Profile Service Application it hung and just went into “Stopped” mode.
Checked the Event Viewer and found this error, Event 6398:
“The Execute method of job definition Microsoft.Office.Server.UserProfiles.LMTRepopulationJob (ID 84821b32-cf9f-45ff-801b-bb25b69faa6f) threw an exception. More information is included below.

Unexpected exception in FeedCacheService.IsRepopulationNeeded: Connection to the server terminated,check if the cache host(s) is running .”

And
“The Execute method of job definition Microsoft.Office.Server.UserProfiles.LMTRepopulationJob (ID 84821b32-cf9f-45ff-801b-bb25b69faa6f) threw an exception. More information is included below.

Unexpected exception in FeedCacheService.IsRepopulationNeeded: Cache cluster is down, restart the cache cluster and Retry.”

 

Googled on this and found this article:

Ran the following Powershell cmdlet:
Get-CacheHostConfig -ComputerName $env:computername -CachePort 22233
But got the following error, “No valid cluster settings found…”

 
According to the article I had to create a CacheCluster, by following the steps in this article from MSDN:

I ran the setup to install the Windows Server AppFabric caching features, but got an error (only extracts from the entire log file):

=====

2013-09-04 09:11:50, Information           Setup  Product:          Microsoft(R) Windows(R) Server AppFabric
2013-09-04 09:11:50, Information           Setup  ProductVersion:   1.1.2106.32
2013-09-04 09:11:50, Information           Setup  OS Name:                   Windows Server 2012

2013-09-04 09:11:50, Information           Setup  Event Registration Source :    AppFabric_Setup

2013-09-04 09:11:50, Error                 Setup  One or more of the specified features are already installed.

=====

So I reconsidered the situation and decided to just go in and stop the AppFabric Service instead and then try to launch the UPS. And that worked 🙂
The Forefront services now came up!

First I made an IISRESET, as that is always necessary after having launched the UPS.

And then I rebooted the server to see if the UPS still works when the AppFabric service gets started.
The AppFabric service was started and the UPS service was still started and I could add a new AD connection.
Now I will proceed and install the CU’s.

How to replicate InfoPath forms with data connections

As I have written about before, replication of InfoPath forms that use data connections has not been working with Metalogix Replicator: http://sharepointbabe.blogspot.ae/2013/01/infopath-forms-do-not-work-with.html
But now this has been resolved by Metalogix, and here are the steps needed to make this work.

1) The latest version of Replicator must be installed, that is version 6.0.7812.0

2) Make sure the AAM default zones match on all servers (this is most important if the local servers are using split DNS, which means that the URL headers are the same on all servers and a request to the same URL points locally instead of to the hub). Then set up any of the other zones to be individual; I have used the Intranet zone:

3) Setup the InfoPath forms to use udcx files. To do this, create a Data Connection library on your site and then convert all the data connections in the form to .udcx files and store them in the library:

4) The udcx files should be stored in a Data Connection library on a site where users have Read access, and it should also be added for replication.

 

Create a page layout using Design Manager

I want to create my own layout for use on the intranet front page. I don’t want to have a left side menu and I want three columns where the middle one should be the widest. There is no page layout that fits my need so I will create my own.

Go to Design Manager

Click on “Edit page layouts“

And then “Create a page layout”

 

 
 
 
 
Give your new page layout a name and choose what MasterPage you want, then finally pick a page layout to inherit from: 

 

 
Your page is now created





But that is not the file you should edit, instead edit the corresponding html file. To do that, you need to map the “_catalogs/masterpage” folder to a drive:

In Windows Explorer, click on “Map network drive” and add the following path to a drive:

Then you will be able to edit the html file that your page layout is connected to. As you can see, that html file is automatically created:



Open the html file in any editor and insert your own html code between these two tags:

Save the file and the page layout is updated (and you might have to approve the page layout file also)

Upgrade part 6: Upgrade MySites to SP2013

This is how I upgraded our SP 2010 mysite site collections to SP 2013

Restored a copy of the 2010 database for MySites to my test server
Removed the content db in CA
Detached the db in SQL
Attached the restored copy in SQL
Added the content db in CA

Do an iisreset

Now ready for some test runs…

Test-SPContentDatabase -Name MySites -WebApplication https://server:3334 | Out-File e:\upgrade\upgrade.txt -Width 500

Got some errors about missing webparts or customizations which is fine, I don’t want to use them anymore anyway. Most errors are regarding the office web apps though but none of them is blocking upgrade so I will go ahead:

Category        : MissingFeature
Error           : True
UpgradeBlocking : False
Message         : Database [MySites] has reference(s) to a missing feature: Id = [893627d9-b5ef-482d-a3bf-2a605175ac36], Name = [PowerPoint Mobile Viewer], Description = [Enables viewing of PowerPoint presentations in the mobile web browser], Install Location = [MobilePowerPointViewer].
Remedy          : The feature with Id 893627d9-b5ef-482d-a3bf-2a605175ac36 is referenced in the database [MySites], but is not installed on the current farm. The missing feature may cause upgrade to fail. Please install any solution which contains the feature and restart upgrade if necessary.
When this was done, I just detached the db from SQL, copied it to my new SP2013 server and then it is ready to be migrated.

Did the same on the SP2013, that is remove the content db from the MySites web app. Attach it on the SQL and then in CA again:

But then you cannot add the content db directly from CA, you need to mount it:

Mount-SPContentDatabase "MyDatabase" -DatabaseServer "MyServer" -WebApplication http://server:5230

After mounting I got this message

Yeah, I will have a look later; I think I know what the error message is. I had a customized template for the MySites on my 2010 server and that is not included in this upgrade. Will just skip it and proceed.

Made an iisreset

Got access denied when trying to access MySite (the old classic Access Denied message from 2010) as myself:




 

Signed in as the administrator and opened that MySite, which I could access (so only Admin could access MySites right now)

Got the message about upgrading the site collection so I did that by clicking “Start now” up in the ribbon:

 







After that, I visited my own site again and got the “new” access denied message:


That means that no users can access their MySites. So I decided to upgrade my site collection to see if that fixed the issue. You can run “get-SPSite” in PowerShell to see which version each site collection is. All our mysites were in 14, they need to be converted to 15. Run the Upgrade-SPSite command in PowerShell (of course this must be scripted for all users…):

Upgrade-SPSite http://server:5230/personal/lr00554 -VersionUpgrade
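
One way to script this for all users, as an added example that is not part of the original post: it upgrades every site collection in the MySites web application that is still at compatibility level 14 and reports the outcome per site. The web application URL is the one used above; the report layout is an assumption.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = "http://server:5230"   # MySites web application from the post

Start-SPAssignment -Global          # let SharePoint dispose the SPSite objects at the end

# All site collections of the web application that are still in 2010 (14) mode
$pending = @(Get-SPSite -WebApplication $webAppUrl -Limit All |
             Where-Object { $_.CompatibilityLevel -eq 14 })
Write-Host "$($pending.Count) site collections still at compatibility level 14"

$results = foreach ($site in $pending) {
    $url = $site.Url
    try {
        # Same command as above, run without a confirmation prompt for each site
        Upgrade-SPSite -Identity $url -VersionUpgrade -Confirm:$false -ErrorAction Stop
        $status = 'Upgraded'
        $detail = ''
    }
    catch {
        # Keep going; one broken MySite should not stop the rest
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Url = $url; Status = $status; Detail = $detail }
}

$results | Format-Table -AutoSize -Wrap

# Verification: count of site collections per compatibility level after the run
Get-SPSite -WebApplication $webAppUrl -Limit All |
    Group-Object CompatibilityLevel |
    Select-Object Name, Count

Stop-SPAssignment -Global
```

Sites listed as Failed keep their level 14 experience and can be retried individually after checking the Detail column.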

Tried to access my personal MySite again, but still access denied “Site has not been shared with you”

I looked at the Authentication Provider for my MySite web app and that said “Claims based authentication” but maybe all site collections are not included? My last test was to upgrade the authentication for entire web application including all migrated mysite site collections.

In Powershell:
Convert-SPWebApplication -Identity "http://server:5230" -To Claims -RetainPermissions    # -Force is optional

And TADA, the new MySite is up and accessible!

My experience of using Replication

I have used replication between 8 SharePoint server farms for almost a year now. I am usually a very nice and patient person, but now the patience is running out and I feel frustrated and need to write about this so maybe it can help others who are considering replication. And I am being brutally honest (sorry to all you nice people at Metalogix), but I have had it and I want to share my experience!
I used to have a nice job as the only SharePoint employee (a new role for me who always worked as a consultant) in the company, maintaining and developing our intranet in a small server farm. The company I work for is in the seismic industry and we have a fleet where the vessels have a limited amount of bandwidth. They use satellites for bandwidth, and currently they only have a 1 Mb connection. Which is a big challenge for SharePoint, as it is not supported over WAN. Our fleet users of course found our SharePoint intranet very slow (connecting to our server in Dubai), which is understandable on such a low bandwidth. So to solve this, I started to evaluate some replication products, since Microsoft does not have a product or a solution for this. And hey Microsoft, I know the cloud is the new thing and that is cool when you have a lot of Mb’s, but what about your users that have limited low bandwidths and MUST have data available if they become offline (which happens quite often at sea)?
Anyhow, I chose Metalogix Replicator because they have been in the business for quite a while, they have similar clients and also their product is built into the CA so we did not need another client to monitor the replication. It seemed to fulfill all our needs also, and with that I mean that we have a very “out of the box” intranet so it should not be complicated to replicate the functionality.
Could have been a success story for us. But the truth is, almost a year later, I barely have any time over to do my regular job because of all the replication issues and we still are not replicating all functionality! My job has become a nightmare, where I have to fix things that the replication has messed up or monitor the package queues to see what has run into “error” or “conflicts”. It was a long time ago I could sit down and have a look at new development projects on the intranet. So why is it like this? Well first the obvious reason, and which is not due to the product (it would be the same with any replication product), is that I now have 8 instead of 1 SharePoint servers (and SQLs) to maintain. I have 8 instead of 1 intranet sites to monitor and all the work that comes with that. But that was expected and OK. I expected that to take maybe 40-50% of my time which should have been fine.
What I did not expect was the constant (I mean almost 100%) need of my time to monitor what the replication has done since I left it. That is, fearing that permissions have been removed or not replicated at all or replicated incorrectly so that sensitive information became visible (luckily I managed to restore permissions FAST before too many users discovered it), site collection features that got deactivated and ruined data from third party products we had installed (and that are critical for the safety on board) which led to a complete RESTORE of a site which took almost 2 days to get back (and unavailable to users of course), all the countless hours of troubleshooting errors and phone meetings with technical support! And also the lack of product support in replicating InfoPath forms. Which is still not solved, although stated to be solved in the last version. The product does not deliver what it promises!
Our intranet is very “out of the box” although it does not look like it, I can do magic without code :) So it does not contain any custom code, I have branded it using our own css file, added some jquery stuff, and InfoPath or modified xsl. And also, we have used proper third party web parts that we have bought and used no “homemade” stuff. So I would expect that our functions should be easy and able to replicate. But I was wrong.

I have provided Metalogix with detailed descriptions of the errors both in replication of permissions, workflows and InfoPath replication. Their product manager has interviewed me to hear my opinion on the UI and I had a lot of improvement suggestions after having used it for half a year. But despite that, our problems are still there and I have been very patient but I can feel it running out now and it is getting really annoying instead. It is taking TOO much of my daily work and the users are annoyed that they STILL need to surf into our local office server to be able to fill in their Reimbursement forms etc (not to mention the confusion as they have to surf into ANOTHER url to do some stuff). I had hoped all this could be available on board when the replication was installed, which is almost a year ago now. I do understand that our third party web parts cannot be replicated, that is fine but COME ON! – forms using Data Connections which is by design in InfoPath? Lists with customized forms are not replicated in full (the ifs files are missing)? Permissions with only SP groups and AD groups in them? Workflow that sends repeated mails from the same form to users so they are SPAMMED and mail me in desperation to stop the replication, because it loops the packages and constantly “updates” the list items (when they are in fact NOT updated, just sent back and forth between the servers) but makes the workflow engine think they are updated items? List/document items with versioning enabled generates so many packages that I need to disable the replicator and it takes forever to clear the queues?

What I wonder is: where are all the other replication customers and their demands/problems? They must have the same issues as us? I seriously doubt that we are alone in this. And I can’t help but feel that I am contributing to the development of their product and usually I love to contribute with that to a company that listens, but this feels like BASIC product functionality that is already promised to be there. And it has cost us a LOT of troubleshooting and valuable time and dissatisfied users.

And not only the time at work… all my sleepless nights when I worry about this shit, afraid that users can see what they shouldn’t and the weekends I have had to spend solving things in panic or with a restore, instead of relaxing. All the hours where I have had to add back lost functionality, over and over!

Yes, there are good sides of Replicator also of course. It works really well for simple lists, pages, images and documents, (unless you use versioning, which can lead into endless loops where the package queues are so huge that you have to disable replication to be able to delete the hundreds or thousands packages that a FEW changes made in a list!), and it transfers the packages fast and at its smallest amount of data. Also I like the simple UI, and that it is integrated into CA.

And the people working at Metalogix are great and try to help in every way, and I feel that they really take our problems seriously. But that does not help my frustration unfortunately, and they don’t seem to test real life scenarios since they obviously had not tested an InfoPath form that has Data Connections, and that is often the reason why you use IP in the first place, otherwise you could just use the simple lists.

So to conclude – using Replicator for simple, not customized, things works absolutely fine and it is indeed instant! But if you have an intranet with InfoPath forms using DC’s, unique permissions, workflows, versioning etc then you might run into the same problems as we have and I would not recommend replication until all these issues are solved. We are using version 6 which is the latest version.
I hope with this article that I might find someone out there who is also using Replication (any products). Because when you google stuff about replication, you rarely find anything useful. It would be great to get some feedback and stories from others about this!

Upgrade to SP2013, part 5: Setup the User Profile Service Application

One thing that is introduced (or has come back actually) in SP2013 is: AD import. The big benefit of using ADI is that it is fast and easy to setup. Also, the filters are ready so you can just check a box to filter out disabled accounts!! Great! Not much can go wrong there.

But, if you want to fully use the UPS and maybe import extra attributes from the AD like user profile pictures, employee information etc then you must setup the User Profile Synchronization import. And I want to do that, especially import the photos, since I have a profile picture of the user up in the right corner of our intranet. This means a bit more work, but it is still quite easy to configure and setup:

Start with creating the User Profile Service Application in “Manage service applications” and map it to a new application pool (which I add the farm account to). You need to have that user in the local admin group on your server also. And yes, you will have a message about this in the Health Analyzer but just ignore that.

When that is done, go to the Services on Server and launch the two services “User Profile Service” and “User Profile Synchronization Service”. Enter the farm admin password on the page where you launch the second service. Now the last one will take some time to start, just leave it for 5-10 minutes and it will be started. One important thing I learned at the SPEVO13 conference, at a session by Spencer Harbar, was that the field where you enter the farm account password is actually not validated so if you enter an incorrect password there you might run into the famous “hang” when starting this service. So be sure you enter the correct password! I tried it and it does hang AND it did lock out my account until it finally stopped trying (new account policy for some admin accounts at my company) but it really does not tell you that the password is incorrect when you press OK on this page. Bad!!

Anyway, when you have the services started like this you can make an IISRESET:

I always do that, because I know this can give you errors or trouble otherwise when you want to create the AD connection and I am always better safe than sorry.

Now, go back to your User Profile service application and make sure the “Configure synchronization settings” are set to “Use SharePoint Profile Synchronization” and (optional) deselect the “Include existing BCS Connections for synchronization” for now since we don’t use that yet.

To setup the connection to your AD, go to “Configure synchronization connections”. When that is done, we need to setup the connection filters, in the most complicated and non logical way you can think of… to filter out the disabled accounts. Do this:
On your new AD connection, hover it and select “Connection filters”:

Make sure you have the “All apply (AND)” checked
Select “userAccountControl” in the list and wait for it to update the page!
Select operator “Bit on equals” and set the Filter to “2”
Click on “Add”:

If this is enough filters, just click OK to apply.
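
The filter value 2 is the ACCOUNTDISABLE bit of the AD attribute userAccountControl, and the test is bitwise rather than an equality check. The following added example (not part of the original post) decodes a few constructed userAccountControl values and shows which accounts the "Bit on equals 2" filter matches; the account names, sample values and function names are assumptions for illustration:

```powershell
# Subset of the documented userAccountControl flags
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x0002
    LOCKOUT              = 0x0010
    PASSWD_NOTREQD       = 0x0020
    NORMAL_ACCOUNT       = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED   = 0x40000
    PASSWORD_EXPIRED     = 0x800000
}

# Hypothetical helper: names of all known flags set in a value
function Get-UacFlagNames {
    param([Parameter(Mandatory = $true)][int]$UserAccountControl)
    foreach ($name in $UacFlags.Keys) {
        if ($UserAccountControl -band $UacFlags[$name]) { $name }
    }
}

# Hypothetical helper: the "Bit on equals" test, true when every bit of
# the filter value is set in the attribute
function Test-BitOnEquals {
    param(
        [Parameter(Mandatory = $true)][int]$UserAccountControl,
        [int]$FilterValue = 2
    )
    ($UserAccountControl -band $FilterValue) -eq $FilterValue
}

# Constructed sample accounts
$samples = @(
    [pscustomobject]@{ Account = 'alice'; UserAccountControl = 512 }    # enabled
    [pscustomobject]@{ Account = 'bob';   UserAccountControl = 514 }    # disabled
    [pscustomobject]@{ Account = 'svc1';  UserAccountControl = 66048 }  # enabled, password never expires
    [pscustomobject]@{ Account = 'svc2';  UserAccountControl = 66050 }  # disabled, password never expires
    [pscustomobject]@{ Account = 'old1';  UserAccountControl = 546 }    # disabled, password not required
)

$samples | ForEach-Object {
    [pscustomobject]@{
        Account         = $_.Account
        UAC             = $_.UserAccountControl
        Flags           = (Get-UacFlagNames $_.UserAccountControl) -join ', '
        MatchesFilter   = Test-BitOnEquals $_.UserAccountControl
        EqualsValue514  = ($_.UserAccountControl -eq 514)
    }
} | Format-Table -AutoSize
```

bob, svc2 and old1 all match the bit filter and are filtered out of the import, while a plain comparison against 514 would only catch bob and let the other two disabled accounts through.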

Now go back to your User Profile Service Application using the breadcrumb…. Hahaha NOT. Spencer made that joke at the SPEVO conference, not sure how many got that… I was laughing anyway!

So go all the way back to your UPS and start the synchronization, and yes it has to be a Full the first time.

Optional: before you start the import you can import some extra attributes from the AD. I want to add the user profile pictures:

Go to the “Manage User properties” and find the one called Picture. Change the settings to “Do not allow users to edit” if you don’t want your users to upload their own pictures (can result in everything from pics of cats, beers, strange positions etc if you allow this!) and then select the “thumbnailPhoto” from the attributes list. “Direction” should be “import” and click on Add:


 

Now start the full import and the time it takes to import of course depends on how many users you import and how many extra attributes. For me it took about 7 minutes to import 1700 users.

One last thing I do, is to select the User Profiles service app (go to “Manage service applications” view), select the UPS and click on “Administrators”. I add the Search account and set it to “Retrieve People Data for Search Crawlers” so I know that the People search will work also.