Office SharePoint Server Error: Event ID 7888

When starting a full or incremental import of Active Directory, either manually or scheduled, the import is successful, but there is an error thrown as soon as the import is initiated.  The following error is presented in the eventviewer.




Event Type: Error Event Source: Office SharePoint Server Event Category: Office Server General Event ID: 7888

Description: A runtime exception was detected. Details follow.

Message: Access Denied! Only site admin can access Data Source object from user profile DB.

Technical Details: System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB. at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message) at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec) at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName) at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead) at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource() at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName) Resolution

  1. Go to: Central Administration > Operations > Services on Server > Office SharePoint Server Search.
  2. In the “Configure Office SharePoint Server Search Service Settings” page, locate the account defined for “Farm Search Service Account” and write down the account name.
  3. Go to: Central Administration > Shared Services > Personalization services permissions.
    1. For reference, the account defined serves as the account for the AD “Configure Profile Account” access account.
    2. For reference, you can get to AD Profile Account page: Central Administration > Shared Services > User Profile and Properties > Configure Profile Import.
  4. Go to Central Administration > Shared Services > Personalization services permissions.
  5. On the “Manage Permissions: Shared Service Rights” page, add the account from before (or edit if already exists). The account needs the following permissions:
    1. Manage user profiles
    2. Manage permissions
  6. Run a full import and your problem should be solved.


Working as a Technical Enterprise Solutions Consultant at Ordina, specialized in SharePoint products, particular maintaining and configuring SharePointfarms. Windows 2008, SQL2008 and SharePoint 2010 certified.


1 Comment

  1. I read a lot of interesting content here. Probably you spend a lot of time writing, i know how to save you a lot of work, there is an online tool that creates unique, google friendly articles in minutes, just type in google – laranitas free content source

Leave a Reply