SharePoint 2010 - Unable to create a new Profile Synchronization Connection with a forest containing Windows Server 2000 domain controllers

Symptoms

When you try to create a new Profile Synchronization Connection with the import source as Active Directory, the operation fails with the followng error:

Unable to process Put message

Additionally you see the following event being logged in the application event log of the SharePoint 2010 server:

Log Name: Application
Event ID: 6306
Task Category: Server
Level: Error
Source: FIMSynchronizationService

Description:
The server encountered an unexpected error while performing an operation for the client.
"ERR: MMS(4132): amparse.cpp(1799): AM: attribute 'sAMAccountName' is not a member of source class 'contact' or any of its auxiliary classes
BAIL: MMS(4132): amparse.cpp(1799): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): amparse.cpp(1300): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): xstack.cpp(525): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): xparse.cpp(525): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): iafexec.cpp(143): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
ERR: MMS(4132): mastate.cpp(12116): Error creating import attribute flow rules object: 0x80230516
BAIL: MMS(4132): mastate.cpp(12204): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): mastate.cpp(10928): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)
BAIL: MMS(4132): server.cpp(3726): 0x80230516 (The attribute mapping rules XML defines an invalid/incomplete rule.)

Cause

The target forest/domain which SharePoint is synchronizing with contains Windows 2000 domain controller.

Resolution

Upgrade the Windows 2000 functional level domain controllers to Windows 2003 or higher domain functional level.

More Information

In Windows server 2003 and later the contact classes inherit dynamically from the securityPrincipal, where sAMAccountName is defined. For a more detailed description, see Dynamic Auxiliary Classes  

In Windows serer 2000, Dynamic Auxiliary Classes do not exist. Therefore, the sAMAccountName mapping for the contact class is invalid for Windows server 2000. 

Windows 2000 is not listed in the Supported Directory Services for Profile Synchronization

Properties

Article ID: 2410070 - Last Review: Feb 11, 2013 - Revision: 1

Feedback