Office SharePoint Server Error: Event ID 7888

When starting a full or incremental import of Active Directory, either manually or scheduled, the import is successful, but there is an error thrown as soon as the import is initiated.  The following error is presented in the eventviewer.




Event ID 7888
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888

Description: A runtime exception was detected. Details follow.

Message: Access Denied! Only site admin can access Data Source object from user profile DB.

Technical Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)

  1. Go to: Central Administration > Operations > Services on Server > Office SharePoint Server Search.
  2. In the “Configure Office SharePoint Server Search Service Settings” page, locate the account defined for “Farm Search Service Account” and write down the account name.
  3. Go to: Central Administration > Shared Services > Personalization services permissions.
    1. For reference, the account defined serves as the account for the AD “Configure Profile Account” access account.
    2. For reference, you can get to AD Profile Account page: Central Administration > Shared Services > User Profile and Properties > Configure Profile Import.
  4. Go to Central Administration > Shared Services > Personalization services permissions.
  5. On the “Manage Permissions: Shared Service Rights” page, add the account from before (or edit if already exists). The account needs the following permissions:
    1. Manage user profiles
    2. Manage permissions
  6. Run a full import and your problem should be solved.

Check Also


Stop SharePoint services with powershell

With the release of the SharePoint 2013 Public Update last year we found out that …

Leave a Reply

Your email address will not be published. Required fields are marked *