Information about user profile synchronization in SharePoint Online

INTRODUCTION
This article describes the User Profile Active Directory Import timer job, which is known as AD Import. The Active Directory Import timer job is part of a larger user synchronization pipeline in Office 365.
PROCEDURE

Office 365 user synchronization pipeline

SharePoint Online uses the Active Directory Import timer job (AD Import) to import users and groups into the User Profile Application. AD Import syncs changes from the SharePoint Online (SPO) Directory Store to the User Profile Application. The timer job requests changes from the SPO Directory Store and then copies the values to the user profile properties that are configured for synchronization. AD Import syncs a subset of the Azure Active Directory attributes that are synced by Azure AD Connect. The profile properties that are synced by AD Import aren't configurable.

SPO user profile sync pipeline


Breakdown of the processes in the pipeline

There are four processes in the user synchronization pipeline in Office 365:
Sync processDescription
Azure AD ConnectAzure AD Connect syncs data from your on-premises Active Directory to Azure Active Directory. For more information, see: Integrating your on-premises identities with Azure Active Directory.
AAD to SPO SyncAzure Active Directory syncs data from Azure Active Directory to the SPO Directory Store.
AD ImportActive Directory Import syncs data from the SPO Directory Store to the User Profile Application.
WSS SyncWSS Sync syncs data from the User Profile Application to the SharePoint Online site collection.

Profile properties that are synced with AD Import

AD Import syncs the following Azure Active Directory attributes to the User Profile Application: 
Azure Active Directory attributeSPO User Profile propertyNotes
UserPrincipalNameDisplayName: User Name
Name:
UserName
The value in this property is used to create the path of a user’s OneDrive for Business site collection.

For example:
gherrera@contoso.com and /gherrera_contoso_com/

This property is replicated to the site collection by WSS Sync.
UserPrincipalNameDisplayName: Account name

Name: AccountName
This property stores the claims-encoded User Principal Name for the user.

For example: i:0#.f|membership|gherrera@contoso.com

This property is used to look up the user profile.
UserPrincipalNameDisplayName: Claim User Identifier

Name: SPS-ClaimID
This property stores the user’s claims identifier. The identifier is the User Principal Name.

For example: gherrera@contoso.com
UserPrincipalNameDisplayName: User Principal Name

Name: SPS-UserPrincipalName
This property stores the User Principal Name of the user.

For example: gherrera@contoso.com
GivenNameDisplayName: First name

Name: FirstName
This property is replicated to the site collection by WSS Sync.

For example: Gabriela
snDisplayName: Last name

Name: LastName
This property is replicated to the site collection by WSS Sync.

For example: Herrara
ManagerDisplayName: Manager

Name: Manager
The manager property is used to determine colleagues and will be used in the user profile and OneDrive for Business deletion process. 

For more information see: 3042522 How user profiles are deleted in SharePoint Online and OneDrive for Business.
DisplayNameDisplayName: Name

Name: PreferredName
This property is replicated to the site collection by WSS Sync.

For example: Gabriela Herrara
telephoneNumberDisplayName: Work phone

Name: WorkPhone
This property is replicated to the site collection by WSS Sync.

For example: (123) 456-7890
proxyAddressesDisplayName: Work email

Name: WorkEmail
Processed in this order when it's added to the profile: 
  • WorkEmail if the value in proxy address is prefixed with SMTP: (Must be in CAPS)
  • WorkEmail if the value in proxy address is prefixed with smtp: (Must be lowercase)

This property is replicated to the site collection by WSS Sync.

For example: gherrera@contoso.com
ProxyAddressesDisplayName: SIP Address

Name: SPS-SIPAddress
SPS-SIPAddress if the value in proxy address is prefixed with sip:.

This property is replicated to the site collection by WSS Sync.
PhysicalDeliveryOfficeNameDisplayName: Office

Name: Office
This property is replicated to the site collection by WSS Sync.
TitleDisplayName: Title

Name: Title
This property is replicated to the site collection by WSS Sync
TitleDisplayName: Job Title

Name: SPS-JobTitle
SPS-JobTitle contains the same value as Title. SPS-JobTitle is connected to a Term Set.

This property isn't replicated to the site collection.
DepartmentDisplayName: Department

Name: Department
This property is replicated to the site collection by WSS Sync.
DepartmentDisplayName: Department

Name: SPS-Department
SPS-Department contains the same value as Department. SPS-Department is connected to a Term Set.

This property isn't replicated to the site collections.
WWWHomePageDisplayName: Public site redirect

Name: PublicSiteRedirect
PreferredLanguageDisplayName: Language Preferences

Name: SPS-MUILanguages
SPS-MUILangauges is used by SPO to determine which language a site is displayed in for the user when MUI is enabled. 
msExchHideFromAddressListDisplayName: SPS-HideFromAddressLists

Name: SPS-HideFromAddressLists
msExchRecipientTypeDetailsDisplayName: SPS-RecipientTypeDetails

Name: SPS-RecipientTypeDetails
ObjectGuidDisplayName: Active Directory Id

Name: ADGuid
Internal
DistinguishedNameDisplayName: Distinguished Name

Name: SPS-DistinguishedName
Internal
ObjectIdDisplayName: msonline-ObjectId

Name: msOnline-ObjectId
Internal
UserTypeDisplayName: SPS-UserType

Name: SPS-UserType
Internal

MORE INFORMATION

Frequently asked questions (FAQs)

Q1.When should I expect to see my changes in the User Profile Application?

A1.
 AD Import syncs changes from the SPO Directory. The changes are processed in batches, and the timer job runs until the changes from the SPO Directory are synced to the User Profile Application. The time that's required depends on the number of changes (work) the AD Import Job has to process. If there are many changes, the timer job has a lot of work to do, and it will take longer for the changes to be reflected in the User Profile Application. If the timer job has a small volume of work to do, the changes will be reflected in the User Profile Application much faster.

AD Import is one of the synchronizations that make up the overall time for a user to be fully synchronized. The AD Import timer job processes changes from the SPO Directory continuously. AD Import processes changes for every tenant in a SharePoint Online server farm.

The Service Level Agreement (SLA) states that a change to a user in the SPO Directory will be reflected in the User Profile Application in 24 hours. This is the maximum period of time under ordinary conditions that we would expect a change to take to sync to the User Profile Application. For more information, see Manage SharePoint Online user profiles from the SharePoint admin center.

Note Tenants that have an Office 365 Education SKU won't have all their users imported by default. A stub profile for the user will be created upon first access to SharePoint Online. When the stub profile is created, the profile will be imported as part of the next AD Import Job.

Q2.Does the AD Import sync always overwrite the properties in the SharePoint Online user profile?

A2.
 For the properties that are synced by AD Import, expect them to be overwritten with the values from Azure Active Directory.

Q3.Does AD Import update only properties that have changed?

A3.
 AD Import is driven primarily by changes that occur upstream. But it may run a full import as necessary. It's possible that all properties for a tenant or a user could be synced.

Q4.Why isn't it possible to map additional properties for AD Import to sync from Azure Active Directory to the User Profile Application?

A4.
AD Import is limited to a preconfigured set of properties to guarantee consistent performance of the timer job.


Still need help? Go to the Office 365 Community website.
Properties

Article ID: 3168272 - Last Review: 08/26/2016 20:11:00 - Revision: 4.0

Microsoft SharePoint Online

  • o365 o365e o365p o365a o365m o365022013 KB3168272
Feedback