SharePoint 2010 - User Profile Store
Session from SharePoint Saturday Canberra.

Transcript

  • 1. Sponsors
       User Profile Store
       Joshua Haebets
       SharePoint Solutions Architect
       Evolve Information Services
  • 2. Joshua Haebets
       SharePoint Consultant – Evolve Information Services
       Principal Consultant / Solutions Architect
       @jhaebets on Twitter
       www.linkedin.com/in/jhaebets
       Blog on the way
       www.robotsdottxt.com
  • 3. Agenda
       What is the User Profile Service Application
       How do you configure it
       Working with profiles
       Enhancing the profile service
  • 4. People
  • 5. Getting Profiles
  • 6. Windows Identity Foundation
  • 7. The Service App.
       Web Applications
       http://sharepoint.mycompany.com
       User Profile Service
       Sync Service
       Social DB
       Profile DB
       Sync DB
  • 8. Sync Storage
       ConnectorSpace (CS): staging during sync
       Metaverse (MV): aggregated data
  • 9. Sync flow (diagram: AD, AD CS, MV, SP CS, SharePoint UPS)
       1. Import from Active Directory data into AD CS
       2. Import from SharePoint UPS into SP CS
       3. Data is sent to CS
       3. Data is sync'd with the MV
       4. Export data from CS to SharePoint UPS
       5. Import and data confirmation
       6. Data is sent to MV, including exports from UPS, and to AD CS
       7. Data sent from AD CS to Active Directory
       8. Data checked and validated from AD to AD CS
  • 10. Data Stores
        Profile: Profile Data and Activity Feed
        Sync: Sync Staging DB
        Social: Tags, Ratings, Keyword, Bookmarks and Comments
  • 11. Getting it working
        1. Create MySite Host
        2. Create the User Profile Service Application
        3. Start the User Profile Service
        4. Start the User Profile Synchronization Service
        5. Configure Synchronization Connections
  • 12. Create the User Profile Service Application
        From Central Administration
        Manage Service Applications > New > User Profile Service Application
        Powershell
            # Create the service application with its three databases
            $ups = New-SPProfileServiceApplication -Name "User Profile Service Application" `
                -ApplicationPool "User Profile Application Pool" `
                -MySiteHostLocation "http://sps-ups/my" -MySiteManagedPath "my/personal" `
                -ProfileDBName "SPS-UPS_ProfileDB" -ProfileSyncDBName "SPS-UPS_SyncDB" `
                -SocialDBName "SPS-UPS_SocialDB"
            # Create the proxy and add it to the default proxy group
            New-SPProfileServiceApplicationProxy -Name "User Profile Service Application Proxy" `
                -ServiceApplication $ups -DefaultProxyGroup
  • 13. Start the User Profile Service
        From Central Administration
        Manage Services on Server > User Profile Service > Start
        Powershell
            # Find the User Profile Service instance and start it
            $upservice = Get-SPServiceInstance | where {$_.TypeName.Contains("User Profile Service")}
            Start-SPServiceInstance -Identity $upservice
  • 14. Start the User Profile Synchronization Service
        From Central Administration
        Manage Services on Server > User Profile Synchronization Service > Start
        Enter Farm Account Password
        Farm Account must be local admin on server to provision sync service
        Farm Account must have log on locally once service has been provisioned
        Powershell – a little harder than most
        Powershell script at the end of the deck
  • 15. Configure Synchronization Connections
        Active Directory Domain Services
        Novell eDirectory (LDAP)
        Sun Java Directory Service (LDAP)
        IBM Tivoli (LDAP)
  • 16. Active Directory Permissions
        Create a service account for Active Directory read and write
        Isolate roles
        Manage Permissions
        Keep domain admins happy
  • 17. Replicate Directory Changes
        Delegate control on your domain and grant Replicate Directory Changes
        This gives you import permissions
  • 18. More Permissions
        Create Child Objects permissions for the User Profile Service Account
        Using ADSIEdit
        Allows you to write back to Active Directory…..almost
  • 19. More sync permissions
        One more in ADSIEdit
        Advanced > Find UPS Service Account
        Write All Properties
        Create All Child Objects
        There will be two instances
  • 20. Connecting to AD
        Auto domain controller or specify one
        Enter the User Profile service account credentials
  • 21. Configure Synchronization Connections
        Select the OU/s you want to Sync
        Say goodbye to LDAP Queries
  • 22. Almost there…
        Connection Filters
        Easily exclude disabled accounts from sync
  • 23. Forefront Identity Manager
        C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell
  • 24. Get Permissions right or…
        No write back to AD
        No Sync
        You can only do Full Sync
  • 25. Performing a Sync
  • 26. Frequency..
        - Hourly, Daily, Weekly, Monthly
        - Server load and Directory Service Load
        - Or minutes (up to 59)
  • 29. Still having trouble?
  • 30. Proxies
        - Make sure you do not have any proxies in use
            netsh winhttp show proxy
        No proxy / Direct access doesn’t mean it is so
  • 31. Proxy Override
            <configuration>
               <system.net>
                  <defaultProxy>
                     <bypasslist>
                        <!-- address values are regular expressions, so literal dots are escaped -->
                        <add address="[a-z]+\.DOMAIN\.lan" />
                        <add address="192\.168\.0\..*" />
                     </bypasslist>
                  </defaultProxy>
               </system.net>
            </configuration>
        And where are you going to put it…
  • 32. Proxy Override
        1. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\owstimer.exe.config
        2. Web.config of your Central Administration Web Application
            <system.net>
               <defaultProxy />
            </system.net>
        3. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\MIISClient.exe.config
        4. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\MIIServer.exe.config
        Yes that makes four locations
  • 33. Netbios Names
        - By default the User Profile Service Application runs with NetBIOS disabled
        - If you find profiles are NetBiosName\Username
        - E.g. Netbios.domain.lan
        - Appears as Netbios\joshua.haebets
        - Should be domain\joshua.haebets
        - Configuration container in ADSI, Replicate Directory Changes
  • 39. Enable Netbios
        Powershell and only Powershell
            # Select the User Profile Service Application and turn on NetBIOS domain names
            $ups = Get-SPServiceApplication | where {$_.DisplayName.Contains("User")}
            $ups.NetBIOSDomainNamesEnabled = $true
            $ups.Update()
            # Confirm the setting; prints True
            $ups.NetBIOSDomainNamesEnabled
        Delete and recreate the connection to the directory store
  • 40. What does it all mean
  • 41. Profile Properties
        - Create custom properties
        - Clients / Accounts
        - Previous Employer
        - Footy Team
        - Write back to Active Directory
        - Never fear, import only by default
  • 47. Managed Metadata
        - Create standards
        - Office Locations
        - Job Titles
        - Products
        - Customers
        - Profile Properties can use Managed Metadata
  • 53. Profile Properties
  • 54. Sub Types
        Separate profiles for employee types:
        Part-time / casual employees
        Contractors
        Consultants
        Work days
        Start and/or End Date
        Vendor / Consultancy
        Capture only the information you need for each profile type
  • 55. Import or Export
        Plan what you want to write back.
        One off import and managed from SharePoint?
        Can HR manage everything from SharePoint now?
  • 56. Profile Properties
  • 57. Email analysis
        SharePoint reads your emails.
        Never fear, this is a good thing
  • 58. Pictures
        Stored in “User Photos” at the rootweb of the MySite site collection
        3 versions
        Large 144x144
        Medium 96x96
        Small 32x32
        Will size by longest edge
        Write back to AD and see them in Outlook
  • 59. BCS Data Source
        Not with User Profiles
        Import only
  • 60. Getting data from other systems
  • 61. Importing from LOB Systems
  • 62. Data in - data out
        LOB System to SharePoint
        AD to SharePoint
        SharePoint to AD
  • 63. Data in - data out
        Identity management for the masses
  • 64. Patches……they were quick
        KB983497
        http://support.microsoft.com/kb/983497
        Almost completely dedicated to the user profile issues
        Fixes issues with:
        - large data stores
        - Groups and members
        - SQL locks
        - Delays in sync
        - activity feed
  • 65. Summary
        - Follow the steps and UPS will work every time
        - Plan what data (properties) you need
        - Create the policies
        - Set the permissions
        - What goes back to your directory service
        - What other systems have data to enrich users' profiles
  • Contact
        Joshua.haebets@evolve-is.com.au
        Slides will be here www.slideshare.net/jhaebets
        Keep an eye on www.robotsdottxt.com
        www.linkedin.com/in/jhaebets
  • 71. Sponsors
        Thanks For Listening!
        Be sure to submit your feedback if you want to be in the draw to win the Xbox 360 and other prizes!
  • 72. Start the User Profile Synchronization Service
            # Start the profile synchronization service on a server
            function Start-ProfileSynchronizationService {
                PARAM (
                    [string] $ProfileApplication = $(throw "You must provide a user profile service application name"),
                    [string] $Machine,
                    [string] $Password = $(throw "You must enter the password of the farm account (SharePoint timer service account)")
                )
                $upaApp = Get-SPServiceApplication | ? {$_.Name -like $ProfileApplication}
                if ($Machine -eq $null -Or $Machine -eq "") {
                    # get the current machine
                    $Machine = [System.Environment]::MachineName
                }
                $syncService = Get-SPServiceInstance | ? {$_.TypeName -like "User Profile Synchronization Service" -And $_.Server.Address -like $Machine}
                ## get default timer service account
                $serviceAccount = (Get-SPFarm).DefaultServiceAccount
                Write-Output ([System.String]::Format("Starting user profile sync service on machine {0} for UPA {1}; service account is {2}", $Machine, $upaApp.Name, $serviceAccount.Name))
                $upaApp.SetSynchronizationMachine($Machine, $syncService.Id, $serviceAccount.Name, $Password)
            }
            ## Use the function Start-ProfileSynchronizationService to start profile synchronization service
            Write-Output "Starting user profile sync service"
            $machine = Read-Host "Please enter the server on which you want to run the profile sync service (by default is current machine)"
            $upa = Read-Host "Please enter the UPA name the profile sync service will be associated with"
            # Read the farm account password without echoing it to the console
            $secure = Read-Host "Please enter the service account (farm account) password" -AsSecureString
            $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
            $password = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
            Start-ProfileSynchronizationService -ProfileApplication $upa -Machine $machine -Password $password
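
A check for the permissions on slides 16 and 17, added here as an example and not part of the original deck: it classifies the replication rights held by the sync account, so that only "Replicating Directory Changes" is present and not the broader "Replicating Directory Changes All", which also covers secret attributes. The account name `EXAMPLE\svc-upssync` and the sample ACEs are constructed; only ACEs granted directly to the account are examined, not rights inherited through group membership.

```powershell
# Added example (not from the deck). GUIDs are AD control-access rights.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}
$AllExtended = '00000000-0000-0000-0000-000000000000'   # ACE not scoped to a single right

function Test-SyncAccountReplicationRights {
    param(
        [Parameter(Mandatory=$true)] [object[]] $AccessRules,
        [Parameter(Mandatory=$true)] [string]   $Account
    )
    $held = @()
    foreach ($ace in $AccessRules) {
        if ("$($ace.IdentityReference)" -ne $Account) { continue }
        if ("$($ace.AccessControlType)" -ne 'Allow')  { continue }
        $rights = "$($ace.ActiveDirectoryRights)"
        $guid   = "$($ace.ObjectType)".ToLower()
        if ($rights -match 'GenericAll') {
            $held += 'GenericAll (includes every extended right)'
        } elseif ($rights -match 'ExtendedRight') {
            if ($guid -eq $AllExtended)             { $held += 'All extended rights' }
            elseif ($ReplRights.ContainsKey($guid)) { $held += $ReplRights[$guid] }
        }
    }
    $needed = 'Replicating Directory Changes'
    $excess = @($held | Where-Object { $_ -ne $needed })
    New-Object PSObject -Property @{
        Account     = $Account
        Held        = $held
        Excess      = $excess          # anything beyond the import right on slide 17
        AsOnSlide17 = (($held -contains $needed) -and ($excess.Count -eq 0))
    }
}

# Constructed sample ACEs. Real input, with the ActiveDirectory module loaded:
#   $rules = (Get-Acl ("AD:\" + (Get-ADDomain).DistinguishedName)).Access
function New-SampleAce($who, $rights, $guid) {
    New-Object PSObject -Property @{ IdentityReference = $who; AccessControlType = 'Allow'
                                     ActiveDirectoryRights = $rights; ObjectType = $guid }
}
$rules = @(
    (New-SampleAce 'EXAMPLE\svc-upssync' 'ExtendedRight' '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'),
    (New-SampleAce 'EXAMPLE\svc-upssync' 'ExtendedRight' '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'),
    (New-SampleAce 'EXAMPLE\other'       'GenericRead'   $AllExtended)
)
Test-SyncAccountReplicationRights -AccessRules $rules -Account 'EXAMPLE\svc-upssync' | Format-List
```

On the constructed sample the account holds both rights, so `Excess` lists "Replicating Directory Changes All" and `AsOnSlide17` is False.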

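
A way to review the proxy override from slides 31 and 32 across several config files, added here as an example and not part of the original deck: it reports whether each file has a `defaultProxy` element and flags bypass patterns whose dots are unescaped, since `address` values are regular expressions and an unescaped dot matches any character. The sample file and the placeholder path are constructed; on a real farm, pass the four locations from slide 32 (the Central Administration web.config path is site-specific).

```powershell
# Added example (not from the deck): inspect <defaultProxy> in .NET config files.
function Get-DefaultProxySetting {
    param([Parameter(Mandatory=$true)] [string[]] $Path)
    foreach ($p in $Path) {
        $row = New-Object PSObject -Property @{
            Path = $p; State = 'file not found'; Patterns = @(); LoosePatterns = @()
        }
        if (Test-Path $p) {
            $xml  = [xml](Get-Content $p)
            $node = $xml.SelectSingleNode('/configuration/system.net/defaultProxy')
            if ($node -eq $null) {
                $row.State = 'no defaultProxy element'
            } else {
                $row.State    = 'defaultProxy present'
                $row.Patterns = @($node.SelectNodes('bypasslist/add') |
                                  ForEach-Object { $_.GetAttribute('address') })
                # A '.' that is neither escaped nor followed by a quantifier
                # matches any single character, widening the bypass.
                $row.LoosePatterns = @($row.Patterns |
                                       Where-Object { $_ -match '(?<!\\)\.(?![*+?{])' })
            }
        }
        $row
    }
}

# Constructed sample standing in for one of the four files named on slide 32
$sample = Join-Path $env:TEMP 'sample.exe.config'
@'
<configuration>
  <system.net>
    <defaultProxy>
      <bypasslist>
        <add address="[a-z]+.DOMAIN.lan" />
        <add address="192\.168\.0\..*" />
      </bypasslist>
    </defaultProxy>
  </system.net>
</configuration>
'@ | Set-Content $sample

Get-DefaultProxySetting -Path $sample, 'C:\placeholder\missing.config' | Format-List
```

For the sample, `LoosePatterns` contains only `[a-z]+.DOMAIN.lan`; the second path reports "file not found".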