Skip to content

SPUserProfileSyncService

Yorick Kuijs edited this page Nov 8, 2018 · 19 revisions

SPUserProfileSyncService

Parameters

Parameter Attribute DataType Description Allowed Values
UserProfileServiceAppName Key string The name of the user profile service for this sync instance
Ensure Write string Present to ensure the service is running, absent to ensure it is not Present, Absent
FarmAccount Write PSCredential PARAMETER IS NOT USED ANYMORE, WILL BE REMOVED IN V3.0
RunOnlyWhenWriteable Write Boolean Should the sync service only run when the user profile database is in a writeable state?
InstallAccount Write PSCredential POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5

Description

Type: Specific Requires CredSSP: Yes

This resource is responsible for ensuring that the user profile sync service has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server.

The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. The resource will throw an error when it is.

To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in the Administrators group. Therefore this resource will add the Farm Account credential to the local administrators group at the beginning of the set method and remove it again later on.

The default value for the Ensure parameter is Present. When not specifying this parameter, the user profile sync service is provisioned.

NOTE: Due to the fact that SharePoint requires certain User Profile components to be provisioned as the Farm account, this resource and SPUserProfileServiceApp retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/

Examples

Example 1

This example provisions the user profile sync service to the local server

    Configuration Example 
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount,

            [Parameter(Mandatory = $true)]
            [PSCredential]
            $FarmAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            SPUserProfileSyncService UserProfileSyncService
            {
                UserProfileServiceAppName   = "User Profile Service Application"
                Ensure                      = "Present"
                FarmAccount                 = $FarmAccount
                RunOnlyWhenWriteable        = $true
                InstallAccount              = $SetupAccount
            }
        }
    }
Clone this wiki locally