Sunday, June 3, 2012

Set Replicating Directory Changes for Sharepoint Userprofile service


Script to Set Replicating Directory Changes for Sharepoint Userprofile service.

This covers both aspects of the Replicating AD Permissions that need to be set up for the sync process to work properly (the domain partition and the Configuration container).  This was written as a result of reading http://www.harbar.net/articles/sp2010ups.aspx


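Function Set-replicatingChanges{
<#
.SYNOPSIS
Grants the SharePoint User Profile Sync account the "Replicating Directory Changes"
extended right (plus ReadProperty and GenericExecute) on one AD naming context.

.DESCRIPTION
Reads the ACL of the object at .\$path on the current drive (the script changes to
AD: before calling this), appends three Allow ACEs for DOMAIN\user and writes the
ACL back with Set-Acl. It has to be called once for the domain partition and once
for the Configuration container.

"Replicating Directory Changes" is a sensitive right: keep it on a dedicated,
tightly controlled service account and nothing else.

.PARAMETER domain
NetBIOS domain name of the sync account (used for the DOMAIN\user SID lookup).
.PARAMETER path
Distinguished name of the object to modify, relative to the current location.
.PARAMETER user
sAMAccountName of the sync account. Defaults to "sp_userprofile" so existing
two-argument callers keep working; pass it explicitly (or edit the default) for
your USER PROFILE SYNC account.
#>
param (
    $domain,
    $path,
    $user = "sp_userprofile"
)

# An empty path would make ".\$path" resolve to the drive root, so refuse it.
if ([string]::IsNullOrEmpty($path)) {
    throw "Set-replicatingChanges: no path supplied; refusing to modify the root of the current drive."
}
Write-Host "Setting replication rights for $domain\$user on $path"

$acl = Get-Acl ".\$path"

# Resolve the account to a SID; Translate() throws if the account does not exist,
# which is the right outcome (better than writing an ACE for a bogus principal).
$objUser = New-Object System.Security.Principal.NTAccount($domain, $user)
$SID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

# rightsGuid of the "Replicating Directory Changes" control access right.
$ReplicatingChangesGUID = [Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$allow          = [System.Security.AccessControl.AccessControlType]::Allow
$readProperty   = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$genericExecute = [System.DirectoryServices.ActiveDirectoryRights]::GenericExecute
$extendedRight  = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Three ACEs. The ExtendedRight one is scoped to the GUID on purpose: an
# ExtendedRight ACE with no object type would grant every control access right.
$rules = @(
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($SID, $readProperty, $allow)),
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($SID, $genericExecute, $allow)),
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($SID, $extendedRight, $allow, $ReplicatingChangesGUID))
)
foreach ($ace in $rules) {
    $acl.AddAccessRule($ace)
}

Set-Acl -AclObject $acl -Path ".\$path"
}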

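# Load the ActiveDirectory module (it provides the AD: drive) if it is not already loaded.
if (!(Get-Module -Name ActiveDirectory)) {
    if (Get-Module -ListAvailable | ?{ $_.Name -eq "ActiveDirectory" }) {
        Import-Module ActiveDirectory
    }
}

# Set-replicatingChanges addresses objects relative to the current location, so work from AD:.
if (Test-Path AD:) {
    Set-Location AD:
} else {
    Write-Host "I couldn't map to ad:" -ForegroundColor Red
    return   # 'break' outside a loop is not a clean way to stop a script
}

$domain = $env:USERDOMAIN

# The naming contexts are the children of the AD: root.
# NOTE(review): matching the domain partition by Name against $env:USERDOMAIN assumes
# the two are the same string — confirm in your forest before running.
$configContainer = (gci | ?{ $_.ObjectClass -eq "Configuration" }).DistinguishedName
$domainDN = (gci | ?{ $_.Name -eq $domain }).DistinguishedName

# Stop here rather than hand an empty DN to the function (".\" would be the drive root).
if (-not $configContainer -or -not $domainDN) {
    Write-Host "Could not resolve the Configuration container or the domain '$domain' under AD:" -ForegroundColor Red
    return
}

# Both the Configuration container and the domain partition need the right.
Set-replicatingChanges $domain $configContainer
Set-replicatingChanges $domain $domainDN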

1 comment:

  1. Thanks for publishing this script. It made my day:)

    /per
