User Profile Sychronization Service still using farm account

Sep 28, 2011 at 6:56 AM
Edited Sep 28, 2011 at 6:58 AM

Not sure if I'm misunderstanding something but after running the install script with the input.xml as shown below for UPS

 

<UserProfileServiceApp Provision="true"
                               Name="User Profile Service Application"
                               ProxyName="User Profile Service Application"
                               EnableNetBIOSDomainNames="false"
                               StartProfileSync="true"
                               SyncConnectionAccount="domain\profile_svc"
                               SyncConnectionAccountPassword="password" >

The profile_svc account isn't used but instead the Farm account.

After registering the profile_svc account manually and changing the service account in Central Admin I can't seem to get the User Profile Synchronization Service to run using the profile_svc account. It's greyed out when you restart the service set with the Farm account.

Since the farm account doesn't have replicate changes etc. its not functioning properly.

 

Any ideas?

Thanks

Sep 28, 2011 at 7:44 AM

The service use the farm account to start. It even need a local admin right during provisionning to start successfully. It's the synchronization connection which need a specific account, not the service.

Sep 29, 2011 at 12:06 AM

Sheppounet is right.

FIM does not use farm account to import user profiles from AD. It's the synchronization connect that needs a specific account for import. Check out the following link for more detailed info on how User Profile SA works.

http://www.harbar.net/articles/sp2010ups.aspx

Cheers,

Allen

Sep 29, 2011 at 4:05 AM

Great info thanks.