It is possible to create new profiles and import the profile properties through synchronizing with a directory service. When you do so, there are several things that will occur with SharePoint Server 2013.
- A user profile will be created for each new user in the director service containers that are to be synchronized. It also fills in the properties of each new profile with the data it gets from directory service.
- Deletes the profile of users who have been removed from the directory service.
- When properties are going to be imported, the property in SharePoint user profile will implement the updates that correspond to the value of the changes within that directory service.
If you will be synchronizing with several directory services, each of them must provide unique users. It isn’t possible to synchronize a single user profile with more than one directory service. The Active Directory resource and logons allow the only scenarios where you can synchronize the same users from two directory services. The connection from the logon though has to prove those users. The connection to the resource will allow those properties for existing profiles to be connected to a business system.
It is possible to use the properties from existing user profiles for a business system. You aren’t going to have the ability to create new user profiles that way though. You won’t be able to write data back to a business system either. In order to import data from a business system, you have to create an external content type. This will bring the data from the business system to SharePoint Server 2013. From there, you will have the ability to synchronize user profiles that have an external content type.
For this to happen there has to be information that is shared with a user profile and an external content type. This information is shared through SharePoint Server 2013 in order to match the external content type to the correct user profile as it synchronizes. By defining the external content type, you also specify the field so that it is a match against the identifier for the external content type. You have to specify the user profile property so that it can be matched against it when you synchronize the connection to a business system.
After a user profile is created, you can allow users to modify the values of certain properties in that profile. You can configure the properties so that they data is going to be changed in SharePoint Server 2013 and then written back to the directory service. Each property has to be imported or exported, but you can’t do both with the same property.
You only have the ability to export data regarding a user to the directory service that the user was exported from. You won’t be able to create a new user account in the directory service through exploring the information from a user profile.
It is possible to create customized solutions that will use the SharePoint object model for creating the user profiles. When your solution doesn’t rely on profile synchronization then you have the option for removing those features from the SharePoint interface. To do this, select Enable External Identity Manager. This is found in the Configure Synchronization Settings page of Central Administration.
When you synchronize groups as well as users, information about the groups that exist in the directory service will be imported by SharePoint Server 2013. Every time that you synchronize, there will be updates to the groups and their membership information. There aren’t any profiles for groups so you can’t manipulate them with the use of SharePoint Server. Instead, you have to manage groups and their memberships in the directory service directly. The groups are only used one time to create audiences and to display the memberships for a visitor in SharePoint Server.