Role synchronization failed for a user account (Duet Enterprise Online)
Applies to: Duet Enterprise Online
Topic Last Modified: 2014-07-22
Summary: Learn how to resolve an issue where role synchronization fails for a particular user account.
The Role Synchronization (RoleSync) solution included with Duet Enterprise Online for Microsoft SharePoint and SAP enables SharePoint administrators to synchronize the SAP roles property that is stored in the SAP profile store with SharePoint user profiles. After role synchronization is performed, users can use SharePoint People Picker to grant permissions on any securable object in SharePoint, such as sites, lists, and files.
After new user accounts are added to Active Directory Domain Services (AD DS), the SAP system must synchronize with AD DS to discover the new user accounts. Then an SAP administrator can create an SAP user account for those AD DS users and associate an SAP role with them. If a user profile is created in SharePoint for the new users before the next Role Synchronization job is run on the SharePoint Online tenant, the SAP role assigned to the new user accounts will be synchronized with the SharePoint User Profile Store.
However, if this synchronization job occurs before the user account has been added to SharePoint, then the Role Synchronization job is unable to locate the user profile. If this occurs, SharePoint will log an event for the administrator and proceed with synchronizing SAP roles for other user profiles. Future incremental synchronization jobs will also fail to synchronize the roles for the newly added users, even after a user profile has been created in SharePoint for the new user.
To resolve this issue, run a profile synchronization job.
You must be a global administrator to complete this procedure.
Before you start this procedure, ask the SAP administrator to ensure that the "Synchronize roles to consumers" job has finished running on the SAP system.
The SAP administrator must run the "Synchronize roles to consumers" job periodically to synchronize the user roles on the SAP system with the SAP profile store on the server that is running SAP NetWeaver Gateway. We recommend that you do not synchronize the SAP user profile store with the SharePoint Online user profile store until the SAP administrator has completed the synchronization job. Otherwise, the synchronization job between the SAP profile store and the SharePoint Online user profile store can take much longer to complete. Also, recently added users might not be synchronized. Note that the "Synchronize roles to consumers" job takes approximately 80 minutes to synchronize 100,000 users, while synchronizing the profile store in SAP NetWeaver Gateway to the SharePoint user profile store takes approximately 100 minutes to synchronize 100,000 users.
To run a full synchronization job
In the SharePoint admin center, on the Quick Launch, click duet enterprise and then click Configure SAP Roles Authorization.
On the configure sap roles authorization page, in the Full Role Sync section, un-select the Request full synchronization check-box.