SharePoint: Report OUs Included in User Profile Synchronization Configurations

  • Article

Summary

This TechNet Wiki is to share a PowerShell snippet which retrieves Included OU in SharePoint 2010 User Profile Synchronization. Ensure you are farm admin while executing the script. Please do read the code and execute in Acceptance and then in Production.

Background

This morning we received some email alerts "Your Mysite is marked for deletion". Indeed the User ID is not disabled but moved from one OU to another OU. So what's wrong in it? Nothing much if your SharePoint 2010 UP SYNC Connections has all the OUs. If not, it's a challenge. You can review more articles on the web. We started analysing the issue. Technically each and every SP admin had different opinions.

Conclusion

SP Admins get me the Included OU list in SharePoint UPS SYNC. Follow the below process:

  1. Disable MySite Clean Up Timer Job.
  2. Edit Sync settings.
  3. Drill down the Forest and get me the OU names.

Solution

Above steps are easy to draft as solution document but it's huge work for SP Admins. Running Mysite clean up job manually will become an operational task. We do have a one-step solution - Open SharePoint Shell Management and execute the below code:

Add-PSSnapin Microsoft.SharePoint.PowerShell

$userprofileService = @(Get-SPServiceApplication | Where-Object {$_.TypeName -eq 'User Profile Service Application'})[0]

$context = [Microsoft.SharePoint.SPServiceContext]::GetContext($ups.ServiceApplicationProxyGroup,[Microsoft.SharePoint.SPSiteSubscriptionIdentifier]::Default)

$ConfigMgr = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($context)

$AD = $ConfigMgr.ConnectionManager

$AD | Select -ExpandProperty NamingContexts | Select -ExpandProperty ContainersIncluded

Modify the above code as required. You can export to CSV and share the report.

Output

AD PowerShell Tip

If you don't want AD admin to compare the OU in AD manually, a quick tip to get OU names from AD is below:

Get-ADOrganizationalUnit -SearchScope OneLevel -Filter * | Select Name

Enjoy PowerShell :)