I followed this guide to set up User Profile Service
Below are some hints.
Make sure that the 2 ForeFront services are running.
The farm account HAS TO BE A LOCAL ADMINISTRATOR. I am sorry but there is no way around this right now so quit trying to avoid it. Having a problem figuring out what account is your farm account? I can help with that.
The farm account has to be able to log on as a service. By default a local administrator can, but just in case you have locked down your server extra tight, this might come up, as it did for Todd the other day.
- Central Admin > System Settings > Manage services on server
- Scroll down and find the User Profile Synchronization Service and click Start
- You will see an account listed. This is the account that must be a local administrator account
- If you are adding this account to the local administrators group for the first time right now, you should reboot your server after you finish. If you don’t, you will get some nasty DCOM errors that will not go away until you are a local admin and reboot.
This same farm account has to have the Replicate Directory Changes permission in Active Directory. This is also not optional. I also ran into an issue when the forest functional level in Active Directory was still 2000, but I cannot find the notes on that. Something about this Replicate Directory Changes not being possible.
An oddity I don’t really understand but have seen once: in one case I had to log onto the server as the farm admin account one time before I was able to get the service to start. Most of the time this is not the case, but once it was. Very odd. This blog post had the same issue.
If you get the service started and then try to manage the User Profile Service application and get some silly error pop up, you just need to do an IISRESET.
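A read-only check of the server-side prerequisites listed above (both Forefront services, local Administrators membership, log on as a service), added here as an example and not part of the original post. It assumes the service names FIMService and FIMSynchronizationService, an English-named local Administrators group, and an elevated SharePoint Management Shell; it does not check Replicate Directory Changes.

```powershell
# Added example: read-only prerequisite check for the User Profile Sync hints.
# Run elevated on the server that will host the synchronization service.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# The farm account and its SID (SIDs compare reliably; names can be aliased).
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name
$farmSid = (New-Object System.Security.Principal.NTAccount($farmAccount)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# 1. Both Forefront services present and running (service names are assumed).
$fim = @(Get-Service -Name FIMService, FIMSynchronizationService -ErrorAction SilentlyContinue)
$fimOk = ($fim.Count -eq 2) -and (@($fim | Where-Object { $_.Status -ne 'Running' }).Count -eq 0)

# 2. Direct membership of the local Administrators group.
#    Assumes the English group name; nested domain groups are not expanded.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$memberSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
$isAdmin = $memberSids -contains $farmSid

# 3. "Log on as a service" (SeServiceLogonRight) from the effective local policy.
$cfg = Join-Path $env:TEMP 'ups-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight' | Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue
$holders = @()
if ($line) {
    # Entries are "*SID" or plain account names, separated by commas.
    $holders = ($line.Line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
# Held directly, or through Administrators (S-1-5-32-544) if that group has it.
$canLogOnAsService = ($holders -contains $farmSid) -or
    ($holders -contains $farmAccount) -or
    ($isAdmin -and ($holders -contains 'S-1-5-32-544'))

New-Object PSObject -Property @{
    FarmAccount              = $farmAccount
    ForefrontServicesRunning = $fimOk
    LocalAdministrator       = $isAdmin
    LogOnAsService           = $canLogOnAsService
}
```

Any `False` in the output points at the matching hint above; a right granted only through a group other than Administrators will show as `False` here and needs a manual look in Local Security Policy.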