PROBLEMS:

  1. When doing a people search some of the people returned in the results show up twice.
  2. When pulling up the Org Chart on a user’s profile in SharePoint sometimes they have all the people they should above and below them in the organization and sometimes they don’t.

CAUSES:

There is two potential causes to the double results in people search but only one that I know of for the other.

1. Content Sources needs to be correct.

2. You must enable NetBIOS domain names on the corresponding User Profile service application.

Option number two is the only fix I know of for the org chart issue.

SOLUTIONS:

What is wrong with my content source?

Here is what needs to be fixed in the Content Sources:

Check your content sources under for multiple entries of sps3. If you have multiple entries remove one. To get there go to: Central Administration >>Search Service Application>>Search Administration>>Manage Content Sources>>Edit Content Source (This should be on your current content source.)

Your Start Addresses should look like this:

clip_image001

not this:

clip_image002 or this clip_image003

Having the Start Addresses for your content sources on the sps3:// setup like the two above screenshots will cause the content to be crawled twice and cause people to show up twice in the people search results. It should simply be set like the first screen shot to sps3://NAMEOFYOURWEBAPPLICATION. SharePoint is smart enough to crawl everything under that including your user profiles. Sps3 is used by SharePoint to call a specific web service hosted at whatever address is followed by it. If this was the issue in your case it will fix the double results in people search but not org chart incomplete info issue. Move on to the next solution if you have the org chart issue.

Why would I need to enable NetBIOS in SharePoint?

In your SharePoint farm the user profiles could appear to be corrupt because they may have imported in on what appears to SharePoint to be multiple domains. This will cause each users profile to be imported twice causing the double results for each user in people search results and some of the manager fields in the profiles will not match causing the Org Chart to not have correct information. This is caused when your Active Directory has different fully qualified domain name (FQDN) and NetBIOS names (User Logon name (pre-Windows 2000) for the domain.

For example: your domain FQDN may be buchatechnical.com but the NETBIOS name might be buchatech. If that is the case your users will import in as buchatechnical\USERNAME and buchatech\USERNAME showing up twice. See the following screenshot:

clip_image004

To fix this or avoid the issue all together SharePoint needs to be made aware that your domain is configured this way and then SharePoint will know how to handle the user profiles when importing them.

This text is from a TechNet article on setting up the User Profile Service Application:

If the NetBIOS name of any domain that you are synchronizing with differs from its fully qualified domain name, you must enable NetBIOS domain names on the User Profile service application. If all NetBIOS names are the same as the domain names, you may skip this procedure.

Here are the overall steps to fix the issue and enable NetBIOS for SharePoint:

NOTE: These steps are for going back and enabling NetBIOS on SharePoint after the User Profile Service Application has already been setup.

1. Remove the current User Profile Service Application.

NOTE: Removing the User Profile Service Application will remove the user profiles.

2. Restart the SharePoint web front end (or at least run iisreset).

3. Configure the User Profile Service Application again.

4. Enable NetBIOS for the User Profile Service Application.

5. Set Replicate Directory Changes permission on the domain for the service account that will be used for the User Profile Synchronization.

6. Set Replicate Directory Changes permission on a Configuration Container for the service account that will be used for the User Profile Synchronization.

7. Run a full User Profile Synchronization.

8. Check the results.

NOTE: Now in this post I am not going to walk through all of the above steps. I assume you know how to work with the User Profile Service Application and how to create the User Profile Synchronization connection. Here I am going to cover the steps that SharePoint admins might not be used to.

Steps to Enable NetBIOS for the User Profile Service Application:

  1. On the SharePoint Web Front End open Note Pad.
  2. Create the PowerShell script by copying the following Syntax into it:

$ServiceApps = Get-SPServiceApplication

$UserProfileServiceApp = ""

foreach ($sa in $ServiceApps)

{if ($sa.DisplayName -eq "<UPSAName>")

{$UserProfileServiceApp = $sa}

}

$UserProfileServiceApp.NetBIOSDomainNamesEnabled = 1

$UserProfileServiceApp.Update()

  1. Replace <UPSAName> with the name of your User Profile service application.
  2. Save this file as enablenetbios.ps1 somewhere in the 14 hive directory.

(.ps1 is the PowerShell script.) (14 Hive directory: %installdrive%:\Program Files\Microsoft Office Servers\14.0\Tools)

  1. Open SharePoint 2010 Management Shell with elevated permissions.
  2. Navigate to the directory with the PowerShell script in it

(Syntax: cd “%installdrive%:\Program Files\Microsoft Office Servers\14.0\Tools”).

  1. Run .\enablenetbios.ps1

Now permissions need to be granted to the account being used in the user profile synchronization connection.

The first one is Replicate Directory Changes permission on the domain and the second one is Replicate Directory Changes permission on the cn=configuration container through ADSI edit. Here are the steps to configure each of these:

How to set Replicate Directory Changes permission on the domain for the service account that will be used for the User Profile Synchronization:

  1. On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  2. In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
  3. On the first page of the Delegation of Control Wizard, click Next.
  4. On the Users or Groups page, click Add.
  5. Type the name of the synchronization account, and then click OK.
  6. Click Next.
  7. On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
  8. On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
  9. On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on Windows Server 2003), and then click Next.
  10. Click Finish.

How to set Replicate Directory Changes permission on a Configuration Container for the service account that will be used for the User Profile Synchronization:

  1. On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
  2. If the Configuration node is not already present, do the following:
    1. In the navigation pane, click ADSI Edit.
    2. On the Action menu, click Connect to.
    3. In the Connection Point area of the Connection Settings dialog box, click Select a well know Naming Context, select Configuration from the drop-down list, and then click OK.
  3. Expand the Configuration node, right-click the CN=Configuration… node, and then click Properties.
  4. In the Properties dialog box, click the Security tab.
  5. In the Group or user names section, click Add.
  6. Type the name of the synchronization account, and then click OK.
  7. In the Group or user names section, select the synchronization account.
  8. In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.

After all that is done and you run a full synchronization to import the users back in you should be all set. Winking smile

Leave a reply