SharePoint 2013 – Create custom AD attribute and map it to SharePoint user profile property
Hello Friends,
Today I will share my experience of working with a custom AD attribute in SharePoint 2013. We will discuss how to create a new User Profile property and map it to the custom AD attribute in the SharePoint User Profile Service Application.
Although there are a lot of out-of-the-box (OOB) AD attributes that can be used to store information, such as SID, login name and language, it is a common situation that they don't match the requirements of the enterprise infrastructure.
For example, a company may need to differentiate users by Business Unit or location, and a lot of functionality is then driven by that value. Either we must push the data into one of the OOB AD attributes, or we create a new custom AD attribute without impacting the existing ones.
Here we will discuss how to map the newly created custom AD attribute to the SharePoint User Profile Service.
First of all, we need to create the custom AD attribute. Please follow the article on how to Create a Custom AD Attribute. Your AD expert will create the attribute as per the business requirement (it is a schema extension, so it needs Schema Admins rights and the attribute can later only be deactivated, not deleted).
You need to know a few things about the attribute before mapping it to SharePoint: its LDAP display name, of course, as well as a few others.
For example, suppose your business unit name is "Social Engineering Service". You should know the maximum length of the attribute value: if a user's value is longer than the length defined on the UPS property, the value will not be synchronized for that user (please see the reference article). You also need the value type (string, integer, etc.), whether the attribute is single- or multi-valued (a multi-valued attribute needs a "stringmultivalue" property), and whether the property should be editable by the user. For a value that AD owns it normally should not be, since the next synchronization would overwrite the user's edit anyway.
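The following PowerShell is an added example, not part of the original article, that collects exactly these facts from AD before you touch SharePoint. It reads the attribute's schema definition (syntax, single- or multi-valued, rangeUpper, and whether it is flagged confidential) and then measures the values actually stored on users, flagging anyone whose value exceeds the length you plan to give the UPS property. The attribute name AD_BusinessUnit and the length 3600 are placeholders taken from the article's own script; the syntax OID table is a partial one covering the common syntaxes. It uses only System.DirectoryServices, so it runs on any domain-joined machine. Run it as the synchronization service account to confirm in passing that that account can read the attribute.

```powershell
# Added example: pre-flight check of a custom AD attribute before mapping it to a UPS property.
$AttributeName = "AD_BusinessUnit"   # lDAPDisplayName of the custom attribute (placeholder)
$UpsLength     = 3600                # Length you intend to set on the UPS property (placeholder)

Add-Type -AssemblyName System.DirectoryServices

$rootDse   = [ADSI]"LDAP://RootDSE"
$schemaNc  = [string]$rootDse.Properties["schemaNamingContext"].Value
$defaultNc = [string]$rootDse.Properties["defaultNamingContext"].Value

# --- 1. Schema definition of the attribute --------------------------------------------
$schemaSearcher = New-Object System.DirectoryServices.DirectorySearcher
$schemaSearcher.SearchRoot = [ADSI]"LDAP://$schemaNc"
$schemaSearcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))"
"lDAPDisplayName", "attributeSyntax", "isSingleValued", "rangeUpper", "searchFlags" |
    ForEach-Object { [void]$schemaSearcher.PropertiesToLoad.Add($_) }
$schemaEntry = $schemaSearcher.FindOne()
if ($schemaEntry -eq $null) { throw "Attribute '$AttributeName' is not defined in the schema." }

# Partial map of attributeSyntax OIDs to readable names (only the common ones)
$syntaxNames = @{
    "2.5.5.1"  = "Distinguished name";      "2.5.5.4"  = "Case-insensitive string"
    "2.5.5.5"  = "IA5/printable string";    "2.5.5.8"  = "Boolean"
    "2.5.5.9"  = "Integer/enumeration";     "2.5.5.10" = "Octet string"
    "2.5.5.11" = "Generalized time";        "2.5.5.12" = "Unicode string"
}
$p            = $schemaEntry.Properties
$syntaxOid    = [string]$p["attributeSyntax"][0]
$singleValued = [bool]$p["isSingleValued"][0]
$rangeUpper   = if ($p["rangeUpper"].Count -gt 0)  { [int]$p["rangeUpper"][0] }  else { $null }
$searchFlags  = if ($p["searchFlags"].Count -gt 0) { [int]$p["searchFlags"][0] } else { 0 }
$confidential = ($searchFlags -band 0x80) -ne 0   # fCONFIDENTIAL: readers need CONTROL_ACCESS on the attribute

"Attribute      : $AttributeName"
"Syntax         : $syntaxOid ($($syntaxNames[$syntaxOid]))"
"Single-valued  : $singleValued  -> UPS property type should be '$(if ($singleValued) { 'string' } else { 'stringmultivalue' })'"
"rangeUpper     : $(if ($rangeUpper -ne $null) { $rangeUpper } else { 'not set (no schema limit)' })"
if ($rangeUpper -ne $null -and $rangeUpper -gt $UpsLength) {
    Write-Warning "Schema allows $rangeUpper characters but the UPS property length is $UpsLength; longer values will not sync."
}
if ($confidential) {
    Write-Warning "Attribute is marked confidential; make sure the sync account can actually read it (step 2 below, run as that account, is the test)."
}

# --- 2. Live values: longest value in use and users that exceed the planned UPS length ---
$userSearcher = New-Object System.DirectoryServices.DirectorySearcher
$userSearcher.SearchRoot = [ADSI]"LDAP://$defaultNc"
$userSearcher.Filter = "(&(objectCategory=person)(objectClass=user)($AttributeName=*))"
$userSearcher.PageSize = 1000        # paged search, so more than 1000 hits are not truncated
[void]$userSearcher.PropertiesToLoad.Add("sAMAccountName")
[void]$userSearcher.PropertiesToLoad.Add($AttributeName)

$usersWithValue = 0
$maxSeen        = 0
$tooLong        = @()
foreach ($r in $userSearcher.FindAll()) {
    $usersWithValue++
    foreach ($v in $r.Properties[$AttributeName]) {       # loop handles multi-valued attributes too
        $len = ([string]$v).Length
        if ($len -gt $maxSeen) { $maxSeen = $len }
        if ($len -gt $UpsLength) { $tooLong += [string]$r.Properties["sAMAccountName"][0] }
    }
}
"Users with a value : $usersWithValue"
"Longest value seen : $maxSeen characters (UPS limit $UpsLength)"
if ($tooLong.Count -gt 0) {
    Write-Warning ("These users will be skipped by the sync until their value is shortened: " + (($tooLong | Select-Object -Unique) -join ", "))
}
```

If step 2 returns zero users while you know the attribute is populated, the account you are running as cannot read the attribute; that is the same symptom the article's troubleshooting chased, and it is the right moment to fix the attribute ACL rather than to widen the service account's rights.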
To create the custom user profile property, we can follow the reference article.
Unfortunately, in our case it didn't work as described there. The main problem was that the new custom attribute was not visible in the User Profile property mappings (Central Administration > Manage service applications > User Profile Service Application > Manage User Properties > New Property > Add New Mapping section > Attribute list).
We then verified the rights of the farm admin account, because the User Profile Synchronization Service (the Windows service) was running under that account, and confirmed that it had the Replicate Directory Changes permission on the domain. We even made this account an Active Directory admin. None of that helped: we still could not see the new custom AD attribute, even though we were able to retrieve the attribute's data with an LDAP query run as the same service account. (Since the extra privileges made no difference, revert them: Replicate Directory Changes on the domain is the documented requirement for the synchronization account, and a domain-admin-level service account is an unnecessary risk.) Finally we understood that a custom AD attribute cannot be mapped through Central Administration; it has to be done from PowerShell. We used the script below to implement it:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server") | Out-Null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles") | Out-Null

# Resolve the service context of the (first) User Profile Service Application in the farm
function Get-SPServiceContext {
    $profileApp = @(Get-SPServiceApplication | Where-Object { $_.TypeName -eq "User Profile Service Application" })[0]
    if ($profileApp -eq $null) { throw "No User Profile Service Application found in this farm." }
    return [Microsoft.SharePoint.SPServiceContext]::GetContext($profileApp.ServiceApplicationProxyGroup, [Microsoft.SharePoint.SPSiteSubscriptionIdentifier]::Default)
}

### Optional: only needed if the property should be bound to a Managed Metadata term set.
### In most cases you will not need this; pass $null as the term set to Add-CustomProperty.
function Get-TermSet($siteUrl, $termStoreName, $groupName, $termSetName) {
    $taxSite = Get-SPSite $siteUrl                              # any site in the farm
    $taxonomySession = Get-SPTaxonomySession -Site $taxSite
    $termStore = $taxonomySession.TermStores[$termStoreName]    # Managed Metadata service application name, e.g. "SA_ManagedMetadata"
    $termGroup = $termStore.Groups[$groupName]                  # existing term store group, e.g. "CONTOSO"
    return $termGroup.TermSets[$termSetName]                    # term set to draw values from, e.g. "Business Units"
}

### Create a core property, expose it on the User profile type and default subtype,
### and (optionally) map it to an attribute of the synchronization connection.
function Add-CustomProperty($name, $displayName, $showOnEdit, $userEdit, $showOnProfile, $type, $length, $mapTo, $upm, $termSet) {
    if ($upm.GetPropertyByName($name) -ne $null) {
        Write-Host "Property '$name' already exists, nothing to do."
        return
    }
    $coreProperty = $upm.Create($false)
    $coreProperty.Name = $name
    $coreProperty.DisplayName = $displayName
    $coreProperty.Type = $type              # "string" for a single-valued attribute, "stringmultivalue" for multi-valued
    $coreProperty.Length = $length          # must cover the longest value AD delivers, otherwise that user is skipped
    $coreProperty.IsAlias = $false
    $coreProperty.IsSearchable = $true
    if ($termSet -ne $null) { $coreProperty.TermSet = $termSet }
    $upm.Add($coreProperty)

    $profileTypeProperty = $userProfileTypeProperties.Create($coreProperty)
    $profileTypeProperty.IsVisibleOnEditor = $showOnEdit
    $profileTypeProperty.IsVisibleOnViewer = $showOnProfile
    $userProfileTypeProperties.Add($profileTypeProperty)

    if ($mapTo -ne $null) {
        # Import mapping on the named sync connection: AD attribute $mapTo -> profile property $name
        $synchConnection = $userProfileConfigManager.ConnectionManager[$connectionName]
        $synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $name, $mapTo)
    }

    $subTypeProperty = $userProfileProperties.Create($profileTypeProperty)
    $subTypeProperty.IsUserEditable = $userEdit     # keep $false for AD-owned values; the sync would overwrite user edits anyway
    $subTypeProperty.DefaultPrivacy = "Public"      # who may see the value; tighten this if the attribute is sensitive
    $userProfileProperties.Add($subTypeProperty)
}

### Remove a custom property by name
function Remove-CustomProperty($name, $upm) {
    $upm.RemovePropertyByName($name)
}

### SharePoint synchronization connection: the UPS connection name as shown in Central Administration
$connectionName = "CONTOSO"

### Get the profile managers
$serviceContext = Get-SPServiceContext
$userProfileConfigManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($serviceContext)
$userProfilePropertyManager = $userProfileConfigManager.ProfilePropertyManager
$userProfilePropertyCreateManager = $userProfilePropertyManager.GetCoreProperties()
$userProfileTypeProperties = $userProfilePropertyManager.GetProfileTypeProperties([Microsoft.Office.Server.UserProfiles.ProfileType]::User)
$userProfileSubTypeManager = [Microsoft.Office.Server.UserProfiles.ProfileSubtypeManager]::Get($serviceContext)
$userProfile = $userProfileSubTypeManager.GetProfileSubtype([Microsoft.Office.Server.UserProfiles.ProfileSubtypeManager]::GetDefaultProfileName([Microsoft.Office.Server.UserProfiles.ProfileType]::User))
$userProfileProperties = $userProfile.Properties

if ($userProfilePropertyManager -ne $null -and $userProfilePropertyCreateManager -ne $null) {
    ### "BusinessUnit" property: hidden on the edit page, not user editable, shown on the profile,
    ### string of length 3600, imported from the custom AD attribute AD_BusinessUnit, no term set.
    Add-CustomProperty "BusinessUnit" "Business Unit" $false $false $true "string" 3600 "AD_BusinessUnit" $userProfilePropertyCreateManager $null
}
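Creating the property is only half the job; the other half is proving that the mapping exists and that values really arrive after a full synchronization. The script below is an added example, not part of the original article, that checks three things: the core property has the expected type and length, the named connection carries an import mapping from the AD attribute to the property, and, for one test user, the value in the profile equals the value in AD. The connection name CONTOSO, the property BusinessUnit and the attribute AD_BusinessUnit come from the article's script; the test account CONTOSO\jdoe is a placeholder. Run it on a SharePoint server as a farm administrator after a Full Synchronization has completed.

```powershell
# Added example: verify the property, the mapping and the synced value end to end.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$connectionName = "CONTOSO"          # UPS synchronization connection (from the article)
$propertyName   = "BusinessUnit"     # profile property created by the article's script
$adAttribute    = "AD_BusinessUnit"  # custom AD attribute it should import from
$testAccount    = "CONTOSO\jdoe"     # placeholder: any user who has the attribute set in AD
$problems       = @()

$upa = @(Get-SPServiceApplication | Where-Object { $_.TypeName -eq "User Profile Service Application" })[0]
$ctx = [Microsoft.SharePoint.SPServiceContext]::GetContext($upa.ServiceApplicationProxyGroup, [Microsoft.SharePoint.SPSiteSubscriptionIdentifier]::Default)
$cfg = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($ctx)

# --- 1. Core property exists with the expected shape ---------------------------------
$core = $cfg.ProfilePropertyManager.GetCoreProperties().GetPropertyByName($propertyName)
if ($core -eq $null) {
    $problems += "core property '$propertyName' does not exist"
} else {
    "Property {0}: Type={1} Length={2}" -f $core.Name, $core.Type, $core.Length
}

# --- 2. Import mapping exists on the connection and points at the right attribute ------
$conn = $cfg.ConnectionManager[$connectionName]
if ($conn -eq $null) {
    $problems += "synchronization connection '$connectionName' not found"
} else {
    $map = @($conn.PropertyMapping | Where-Object { $_.ProfileProperty -eq $propertyName })
    if ($map.Count -eq 0) {
        $problems += "no mapping for '$propertyName' on connection '$connectionName'"
    } elseif ($map[0].DataSourcePropertyName -ne $adAttribute) {
        $problems += "'$propertyName' is mapped to '$($map[0].DataSourcePropertyName)', expected '$adAttribute'"
    } else {
        "Mapping OK: $adAttribute -> $propertyName"
    }
}

# --- 3. After a full sync, the profile value must match what AD holds -------------------
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ctx)
if (-not $upm.UserExists($testAccount)) {
    $problems += "no profile for $testAccount (has a full synchronization run?)"
} else {
    $profileValue = [string]$upm.GetUserProfile($testAccount)[$propertyName].Value

    # Read the same attribute straight from AD for comparison (default search root = current domain)
    $sam = $testAccount.Split("\")[-1]
    $searcher = New-Object System.DirectoryServices.DirectorySearcher("(&(objectClass=user)(sAMAccountName=$sam))")
    [void]$searcher.PropertiesToLoad.Add($adAttribute)
    $adEntry = $searcher.FindOne()
    $adValue = if ($adEntry -ne $null -and $adEntry.Properties[$adAttribute].Count -gt 0) { [string]$adEntry.Properties[$adAttribute][0] } else { "" }

    "AD value      : '$adValue'"
    "Profile value : '$profileValue'"
    if ($profileValue -ne $adValue) {
        $problems += "value mismatch for $testAccount; check that the AD value is not longer than the property Length ($($core.Length)) and that a full sync has run since the mapping was added"
    }
}

if ($problems.Count -eq 0) { "All checks passed." } else { $problems | ForEach-Object { Write-Warning $_ } }
```

A mismatch in step 3 with a correct mapping is almost always the length problem the article warns about: a value longer than the property's Length is silently skipped for that user, so the profile keeps an empty or stale value while AD is correct.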
Thanks for reading 🙂
Keep reading and share your thoughts and experiences. Feel free to contact us to discuss more. If you have any suggestion, feedback or doubt, you are most welcome.
Stay tuned on Knowledge-Junction, will come up with more such articles.
I got the script to run in my environment and it displays the GAC, Version & Location at the end. But I do not see the custom AD attribute in the dropdown of SharePoint CA. Is the attribute only viewable via PowerShell?
The out-of-the-box AD attributes will be displayed in SharePoint CA when you go to create a new UPS property. But if the attribute is a custom AD attribute, it will not be visible in SharePoint CA.
You have to execute the provided script with a few variable changes to create the new UPS property. Once the UPS property is created, you will be able to see that custom property.
I hope this answers your question. Please comment if you need any more information.