User Profile Sync Service account oddity

Apr 24, 2012 at 4:37 PM

So I now am able to successfully install Sp2010 with SP1 and the latest February Cumulative updates without a hitch.  I even have the service accounts configured the way I want.  What I noticed about the User Profile Sync Service account is that what I put in the input.xml is different from what is being shown in CA under the Security / Configure Service Accounts page.  I will copy and paste a few pieces of my input.xml file and maybe someone can explain why this has happened. I do not want to change anything until I have more information.


At the start of the input.xml file, there is a "Managed Accounts" section. The first one has a CommonName of "spservice" and I assign a service account of SP_Services (as an example).

Down about 2/3 of the way, there is this section that starts with UserProfileServiceApp and one of the parameters is SyncConnectionAccount and I use a service account similar to SP_Profile.  


Now when I go into the Security / Configure Service Accounts page in CA, the account linked to the User Profile Synchronization Service is the SP_Services account. Do I need to add the SP_Profile account to the managed accounts portion of the script to resolve this or am I misunderstanding some of what the script is doing?  I want the script to basically do what needs to be done and I not have to go in and fix stuff like this if I can modify the script to maybe do that.

Apr 25, 2012 at 3:27 PM

I was really hoping someone would have an idea about this.  Why does the script have you define a service account for the User Profile service and then use something completely different after the setup. Anyone?

Apr 25, 2012 at 5:20 PM

The "SyncConnectionAccount" is not the account that runs the User Profile Service. It is the account that's used to pull (or sync) from your directory. To see if it was applied:

  1. On the Central Administration Web site, in the Application Management section, click Manage service applications.

  2. On the Manage Service Applications page, select the User Profile service application.

  3. On the Manage Profile Service page, in the Synchronization section, click Configure Synchronization Connections.

You should see your connection there, clicking on its properties should show you the SP_Profile account you used. If you click Create New, you'll see the form has the spaces for you to fill out a Sync Connection Account.

I recommend not using AutoSPInstaller to create this as it uses an unsupported method to do so.

Apr 25, 2012 at 5:49 PM

That is the kind of answer that I was looking for.  Thank you for that. That was the last lingering uncertainty with my install that I wanted to get cleared up. Thank You much. (Maybe that description can be commented into the script. Stating that Profile service account is for the AD sync connection and that the service itself runs on the sp_service account credentials. : -)  )

Apr 26, 2012 at 10:27 AM

Suggested update: The script (next 3.0 version) should use "SP_Sync"for this account. As "Profile Service account" implies a service.     

Question: the UPSservice itself runs on the sp_service account credentials. Is that correct ? As Harbar clearly states that UPSservice must be running on the Farm Account.


Apr 26, 2012 at 1:02 PM

@NL12143, I don't think the sync account is referred to as the Profile Service Account anywhere in the script/XML...?

