Synchronizing SharePoint profiles data from LDS



  • On a number of occasions, when claims authentication is used, the trusted provider bases its authentication on Active Directory LDS.
  • In these cases, profile data from LDS needs to be imported into SharePoint.



SharePoint 2010 supports profile synchronization and offers a mechanism to integrate with different directory services such as Active Directory Domain Services, SunOne, Novell directory, etc. Out of the box, however, there is no support for synchronizing user profiles with Active Directory Lightweight Directory Services (AD LDS). Hence, in scenarios where it is necessary to synchronize with AD LDS, it is recommended to use the LDIFDE utility (available with the Windows 2008 server OS) to extract the profile attributes into a flat file and then follow the process documented in "Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010)".


Integration Design and Process


Listed below are the high-level details associated with the profile synchronization process





Potential Issue

  • Once imported, these profiles need to be linked with the individual users who log in to SharePoint through the configured Trusted Identity Provider. If this link is absent, SharePoint ends up creating another profile based on the data of the logged-in user (this contains nothing but the account name).



  • One profile per user should exist in SharePoint (not multiple)
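
A pre-import check for the issue described above, as an added example that is not part of the original post: it parses an LDIFDE export and reports entries whose login-id attribute is missing or shared by more than one entry. The attribute name `mail`, the case-insensitive comparison and the sample entries are assumptions; substitute the LDS attribute that is mapped to the property SharePoint matches against the login id.

```python
import base64
from collections import defaultdict

LOGIN_ATTR = "mail"  # assumption: LDS attribute mapped to the login-id property

# Constructed sample shaped like an LDIFDE export (not data from the page).
SAMPLE = """\
dn: CN=Alice,CN=Users,DC=example,DC=local
changetype: add
mail: alice@example.com

dn: CN=Bob,CN=Users,DC=example,DC=local
objectClass: user

dn: CN=Alice2,CN=Users,DC=example,DC=local
mail:: QUxJQ0VAZXhhbXBsZS5jb20=

dn: CN=Carol,CN=Users,
 DC=example,DC=local
mail: carol@example.com
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    # Unfold: a line starting with one space continues the previous line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    entries, current = [], defaultdict(list)
    for line in lines + [""]:
        if not line.strip():                # blank line closes the entry
            if "dn" in current:
                entries.append(dict(current))
            current = defaultdict(list)
        elif not line.startswith("#"):      # skip comment lines
            name, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            current[name.strip().lower()].append(rest.strip())
    return entries

def check_login_ids(entries, attr=LOGIN_ATTR):
    """Return (DNs without exactly one login id, {login id: [DNs]} used more than once)."""
    missing, seen = [], defaultdict(list)
    for entry in entries:
        values = [v for v in entry.get(attr.lower(), []) if v]
        if len(values) == 1:                # assumption: compare case-insensitively
            seen[values[0].lower()].append(entry["dn"][0])
        else:
            missing.append(entry["dn"][0])
    return missing, {k: v for k, v in seen.items() if len(v) > 1}
```

Running `check_login_ids(parse_ldif(SAMPLE))` flags Bob as having no login id and the two Alice entries as sharing one; both cases are worth resolving in LDS before the file is handed to the LDIF MA.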




LDS Attribute Name (Used by LDIF MA)

FIM Metaverse Attribute Name (Used by ILM MA)

SharePoint Property Name (Used by SharePoint MA)





Value in this property needs to match the user's login id. This is the field that SharePoint checks once a user logs in and makes the link to the specific profile.




Hard coded value. This value does not come from LDS

"Trusted Identity Provider Name"



Hard coded value. This value does not come from LDS