I tried to configure the User Profile Synchronization Service in SharePoint Server 2013 by doing the following:
- Open Central Administration as a Farm account.
- Go to Application Management > Manage Service Application.
- Create a New User Profile Service Application.
- The Create New User Profile Service Application page will be shown.
- After the UPS service has been created successfully, I went back to System Settings > Manage Services on Server.
I tried to restart the UPS service. Unfortunately, I found unexpected behavior:
the User Profile Synchronization Service starts, then it stops!
As I have mentioned before in User Profile Synchronization Service Stuck on ‘Starting’, there are more reasons that can cause this issue.
In some cases, this issue occurs if you are using SQL Server 2014 with SharePoint 2013. In that case, you just need to patch your farm with the June 2014 CU or a later one.
But in this case, the problem was related to the permissions of the farm account.
The farm account must be a member of the local Administrators group while the UPS service is being started and provisioned.
To add the farm account to the local Administrators group, follow these steps:
- Open Server Manager > Tools > Computer Management.
- From the left side > Select Local Users and Groups > Click on Groups > Administrators group.
- Right-click on the group name > Properties > From the Members tab > Select the service account > Add.
Note: If Active Directory has been installed on the same SharePoint server, for testing/DEV purposes only, you can add the farm account to the Administrators group as follows:
- Open Active Directory Users and Computer as administrator.
- From the left side > Select Builtin > Double-click on the Administrators group.
- From the Members tab > Select the service account > Click Add.
- Repeat the previous steps on all SharePoint servers that are running this service.
Note: Any change to the farm account requires restarting the SharePoint 2013 Timer service or restarting the server.
This ensures that every SharePoint service that is currently running as the farm account is using the latest credentials.
- Go back to System Settings > Manage Services on Server.
- Try to start the UPS service; it should start now.
If it does not start, follow the instructions mentioned in this article, or restart the server and then delete and reconfigure the UPS service again!
Keep in mind that adding the farm account to the local Administrators group is required only to start the User Profile Synchronization service.
After the User Profile Synchronization service has been started, you should remove the farm account from the Administrators group to avoid raising the following security warning in Health Analyzer:
Accounts used by application pools or service identities are in the local administrator group
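
The grant-then-revoke procedure above can be scripted so that the farm account does not stay in the local Administrators group after the service is running. This is an added example, not part of the original post; the account name `CONTOSO\sp_farm` is a placeholder, and the script assumes a domain account and an English-language group name (`Administrators`).

```powershell
# Added example: temporary local-admin grant for the farm account, then cleanup.
# Run elevated in the SharePoint 2013 Management Shell on each server running UPS.
param(
    [string]$FarmAccount = 'CONTOSO\sp_farm',   # placeholder (assumed) domain account
    [ValidateSet('Grant', 'Revoke')]
    [string]$Action = 'Revoke'
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-LocalAdmin([string]$Account) {
    # Enumerate direct members of local Administrators through the WinNT provider.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $paths = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
    # A domain account appears as WinNT://DOMAIN/name.
    $wanted = 'WinNT://' + $Account.Replace('\', '/')
    return [bool]($paths | Where-Object { $_ -eq $wanted })
}

if ($Action -eq 'Grant') {
    if (-not (Test-LocalAdmin $FarmAccount)) {
        net localgroup Administrators $FarmAccount /add
    }
    # The post notes that changes to the farm account need a Timer service restart.
    Restart-Service SPTimerV4
    return
}

# Revoke: only remove the membership once the sync service instance is started.
$ups = Get-SPServiceInstance | Where-Object {
    $_.TypeName -eq 'User Profile Synchronization Service' -and
    $_.Server.Address -eq $env:COMPUTERNAME
}
if ($ups.Status -ne 'Online') {
    Write-Warning "UPS sync status is '$($ups.Status)'; membership left unchanged."
    return
}
if (Test-LocalAdmin $FarmAccount) {
    net localgroup Administrators $FarmAccount /delete
    Restart-Service SPTimerV4
}
if (Test-LocalAdmin $FarmAccount) {
    Write-Warning "$FarmAccount is still a local administrator on $env:COMPUTERNAME."
} else {
    Write-Output "$FarmAccount is not a direct member of local Administrators."
}
```

The check only sees direct members of the group; membership inherited through a nested domain group has to be reviewed separately.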