SharePoint 2010 - User Profile Store
2 likes3,325 views
This document provides information on configuring the User Profile Service Application in SharePoint, including: - Creating the User Profile Service Application and starting the associated services - Configuring synchronization connections to Active Directory and selecting objects to sync - Setting required permissions for the sync account in Active Directory - Configuring properties, metadata, and pictures in user profiles - Importing or exporting profile data from other systems - Troubleshooting common sync issues like proxies and NetBIOS names
![<configuration> <system.net> <defaultProxy> <bypasslist> <add address="[a-z]+\.DOMAIN\.lan" /> <add address="192\.168\.0\.*" /> </bypasslist> </defaultProxy> </system.net></configuration>29Proxy OverrideAnd where are you going to put it…](https://image.slidesharecdn.com/userprofilestore-100917232303-phpapp02/85/SharePoint-2010-User-Profile-Store-31-320.jpg)
SharePoint 2010 - User Profile Store
- 1. SponsorsUser Profile StoreJoshua HaebetsSharePoint Solutions ArchitectEvolve Information Services
- 2. Joshua HaebetsSharePoint Consultant – Evolve Information ServicesPrincipal Consultant / Solutions Architect@jhaebets on Twitterwww.linkedin.com/in/jhaebetsBlog on the waywww.robotsdottxt.com
- 3. AgendaWhat is the User Profile Service ApplicationHow do you configure itWorking with profilesEnhancing the profile service
- 4. People4
- 7. The Service App.Web Applicationshttp://sharepoint.mycompany.comUser Profile ServiceSync ServiceSocial DBProfile DBSync DB
- 8. Sync StorageStaging during syncAggregated DataConnectorSpace (CS)Metaverse(MV)8
- 9. 6. Data is sent to MV. Including Exports from UPS. And to AD CS1. Import from Active Directory Data into AD CS2. Import from SharePoint UPS into SP CSMV7. Data sent from AD CS to Active Directory8. Data check and validated from AD to AD CS4. Export data from CS to SharePoint UPSAD5. Import and data confirmation3. Data is sent to CS3. Data is sync’d with the MVAD CSSP CSSharePoint UPS9
- 10. Data StoresProfileSyncSocialTags, Ratings, Keyword, Bookmarks and CommentsSync Staging DBProfile Data and Activity Feed10
- 11. Getting it working11Create MySite HostCreate the User Profile Service ApplicationStart the User Profile Service Start the User Profile Synchronization Service Configure Synchronization Connections
- 12. From Central AdministrationManage Service Applications New User Profile Service Application12Create the User Profile Service ApplicationPowershell$ups = New-SPProfileServiceApplication-Name "User Profile Service Application" -ApplicationPool “User Profile Application Pool" -MySiteHostLocation "http://sps-ups/my" -MySiteManagedPath "my/personal" -ProfileDBName “SPS-UPS_ProfileDB" -ProfileSyncDBName “SPS-UPS_SyncDB" -SocialDBName “SPS-UPS_SocialDB" New-SPProfileServiceApplicationProxy -Name "User Profile Service Application Proxy" -ServiceApplication $ups -DefaultProxyGroup
- 13. From Central AdministrationManage Services on Server User Profile Service Start13Start the User Profile Service Powershell$upservice = get-spserviceinstance | where($_.TypeName.Contains(“User Profile Service”)}Start-spserviceinstance –identity $upservice
- 14. From Central AdministrationManage Services on Server User Profile Synchronization Service StartEnter Farm Account PasswordFarm Account must be local admin on server to provision sync serviceFarm Account must have logon locally once service has been provisioned Powershell script at the end of the deck14Start the User Profile Synchronization Service Powershell – a little harder than most
- 15. 15Configure Synchronization Connections Active Directory Domain Services Novell eDirectory(LDAP)Sun Java Directory Service(LDAP)IBM Tivoli (LDAP)
- 16. Active Directory PermissionsCreate a service account for Active Directory read and write16Isolate rolesManage PermissionsKeep domain admins happy
- 17. Replicate Directory ChangesDelegate control on your domain and grant Replicate Directory Changes This give you importpermissions
- 18. More PermissionsCreate Child Objects permissions for the User Profile Service AccountUsing ADSIEditAllows you to write back to Active Directory…..almost
- 19. More sync permissionsOne more in ADSIEditAdvanced Find UPS Service AccountWrite All PropertiesCreate All Child ObjectsThere will be two instances
- 20. Connecting to ADAuto domain controller or specify oneEnter the User Profile service account credentials
- 21. Select the OU/s you want to SyncSay goodbye to LDAP Queries21Configure Synchronization Connections
- 22. Almost there…Connection FiltersEasily exclude disabled accounts from sync22
- 23. Forefront Identity ManagerC:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell23
- 24. Get Permissions right or…24No write back to ADNo SyncYou can only do Full Sync
- 26. Frequency..Hourly, Daily, Weekly, Monthly
- 27. Server load and Directory Service Load
- 28. Or minutes (up to 59) 26
- 30. 28ProxiesMake sure you do not have any proxies in usenetshwinhttp show proxyNo proxy / Direct access doesn’t mean it is so
- 31. <configuration> <system.net> <defaultProxy> <bypasslist> <add address="[a-z]+\.DOMAIN\.lan" /> <add address="192\.168\.0\.*" /> </bypasslist> </defaultProxy> </system.net></configuration>29Proxy OverrideAnd where are you going to put it…
- 32. 30Proxy OverrideC:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\owstimer.exe.configWeb.config of you Central Administrator Web Application <system.net> <defaultProxy /> </system.net>3. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\MIISClient.exe.config4. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\MIIServer.exe.configYes that makes four locations
- 33. By default the User Profile Service Application runs with Netbiosdisabled
- 34. If you find profiles are NetBiosName\Username
- 38. Configuration container in ADSI, replication directory changes31Netbios Names
- 39. Powershell and only Powershell$ups = get-spserviceapplication | where{$_.displayname.contains(“User”)}$ups.NetBIOSDomainNamesEnabled = $true$ups.update()$ups.NetBIOSDomainNamesEnabled True32Enable NetbiosDelete and recreate the connection to the directory store
- 40. What does it all mean
- 41. Profile PropertiesCreate custom properties
- 44. Footy Team
- 45. Write back to Active Directory
- 46. Never fear, import only by default34
- 48. Office Locations
- 49. Job Titles
- 50. Products
- 51. Customers
- 52. Profile Properties can use Managed Metadata 35
- 54. Sub TypesSeparate profiles for employee types;Part-time / casual employeesContractorsConsultants37 Work daysStart and/or End DateVendor / ConsultancyCapture only the information you need for each profile type
- 55. Import or ExportPlan what you want to write back. One off import and managed from SharePoint? Can HR managed everything from SharePoint now? 38
- 57. Email analysisSharePoint reads your emails.Never fear, this is a good thing
- 58. PicturesStored in “User Photos” at the rootweb of the MySite site collection3 versionsLarge 144x144 Medium 96x96Small 32x32Will size by longest edgeWrite back to AD and see them in Outlook41
- 59. BCS Data Source42Not with User ProfilesImport only
- 60. Getting data from other systems43
- 61. Importing from LOB Systems
- 62. Data in - data outLOB System to SharePointAD to SharePointSharePoint to AD
- 63. Data in - data outIdentity management for the masses
- 64. Patches……they were quickKB983497http://support.microsoft.com/kb/983497Almost completely dedicated to the user profile issuesFixes issues with;large data stores Groups and membersSQL locks Delays in syncactivity feed
- 65. SummaryFollowing the steps and UPS will work every time
- 66. Plan what data (properties) you need
- 69. What goes back to your directory service
- 70. What other systems have data to enrich users profilesContact Joshua.haebets@evolve-is.com.auSlides will be here www.slideshare.net/jhaebetsKeep an eye on www.robotsdottxt.comwww.linkedin.com/in/jhaebets
- 71. SponsorsThanks For Listening!Be sure to submit your feedbackif you want to be in the draw towin the Xbox 360 and other prizes!
- 72. # Start the profile synchronization service on a server function Start-ProfileSynchronizationService{PARAM ([string] $ProfileApplication = $(throw "You must provide a user profile service application name"),[string] $Machine,[string] $Password = $(throw "You must enter the password of the farm account (SharePoint timer service account)"))$upaApp = Get-SPServiceApplication | ? {$_.name -like $ProfileApplication}if ($Machine -eq $null -Or $Machine -eq"") {# get the current machine $Machine = [System.Environment]::MachineName}$syncService = Get-SPServiceInstance | ? {$_.typeName -like "User Profile Synchronization Service" -And $_.Server.Address -like $Machine}## get default timer service account$serviceAccount = (Get-SPFarm).DefaultServiceAccountWrite-Output([System.String]::Format("Starting user profile sync service on machine {0} for UPA {1}; service account is {2}", $Machine, $upaApp.Name, $serviceAccount.Name))$upaApp.SetSynchronizationMachine($Machine, $syncService.Id, $serviceAccount.Name, $Password) }## Use the function Start-ProfileSynchronizationService to start profile synchronization servicewrite-output "Starting user profile sync service"$machine = read-Host("Please enter the server on which you want to run the profile sync service (by default is current machine)")$upa = read-Host("Please enter the UPA name the profile sync service will be associated with") $password = read-Host("Please enter the service account (farm account) password")start-ProfileSynchronizationService -ProfileApplication $upa -Machine $machine -Password $password51Start the User Profile Synchronization Service