Skip to content

SPUserProfileSyncService

Jump to bottom
dscbot edited this page Mar 17, 2023 · 19 revisions

SPUserProfileSyncService

Parameters

Parameter Attribute DataType Description Allowed Values
UserProfileServiceAppName Key String The name of the user profile service for this sync instance
Ensure Write String Present to ensure the service is running, absent to ensure it is not Present, Absent
RunOnlyWhenWriteable Write Boolean Should the sync service only run when the user profile database is in a writeable state?

Description

Type: Specific Requires CredSSP: Yes

This resource is responsible for ensuring that the user profile sync service has been provisioned (Ensure = "Present") or is not running (Ensure = "Absent") on the current server.

The specified PSDSCRunAsCredential cannot be the Farm Account. The resource will throw an error when it is.

To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in the Administrators group. Therefore this resource will add the Farm Account credential to the local administrators group at the beginning of the set method and remove it again later on.

The default value for the Ensure parameter is Present. When not specifying this parameter, the user profile sync service is provisioned.

NOTE: Due to the fact that SharePoint requires certain User Profile components to be provisioned as the Farm account, this resource and SPUserProfileServiceApp retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/

Examples

Example 1

This example provisions the user profile sync service to the local server

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPUserProfileSyncService UserProfileSyncService
        {
            UserProfileServiceAppName = "User Profile Service Application"
            Ensure                    = "Present"
            RunOnlyWhenWriteable      = $true
            PsDscRunAsCredential      = $SetupAccount
        }
    }
}

SharePointDSC

SharePointDsc Module

Clone this wiki locally