I had set up a small Sharepoint 2010 farm, DB server, App server and WFE. The User Profile Service Application was running, and profile synchronization worked fine. However, I also wanted to export some properties back to AD, in this case the users Picture.
I mapped the Picture field to the AD attribute thumbnailPhoto, set the direction to export and started a Full Synchronization. (This blog post provides excellent information)
Nothing happended. (Well, the sync went just fine, but the Picture field was not populated. The problem was I couldn’t see any errors either, the export was not just happening. First I assumed this was a permissions issue, but then I should’ve seen errors in the logs, and granting permissions de luxe for the sync account didn’t help either. I opened miisclient.exe (no errors here neither), and when viewing a user profile that had set the Picture field, FIM still reported “Initial value” as empty. So I took a look in the Sync DB and viewed the “dbo.mms_metaverse”-table. Here I had a column “SPS_MV_OctetString_PictureURL”, but this was also empty for all users. Hmmm. Strange, the picture was in Sharepoint, I could see it with my own eyes, but it just wasn’t syncing.
Solution:
In the C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe.config file, add the following lines:
<system.net>
<defaultProxy>
<proxy usesystemdefault = “false” proxyaddress=”http://proxy.dummy.com:8080″ bypassonlocal=”true” />
</defaultProxy>
</system.net>
Then I restarted the server (the FIM services would probably have been enough), ran a full sync and the pictures was being exported. Somehow a rule on this network caused FIM not to get the changes from the User Profile Service Application (strange though, that import including custom fields and mapping worked fine). Anyways, inserting this dummy proxy made it work.