SharePoint 2010 - User Profile Store

Session from SharePoint Saturday Canberra.


  1. Sponsors
      User Profile Store
      Joshua Haebets
      SharePoint Solutions Architect
      Evolve Information Services
  2. Joshua Haebets
      SharePoint Consultant – Evolve Information Services
      Principal Consultant / Solutions Architect
      @jhaebets on Twitter
      www.linkedin.com/in/jhaebets
      Blog on the way
      www.robotsdottxt.com
  3. Agenda
      - What is the User Profile Service Application
      - How do you configure it
      - Working with profiles
      - Enhancing the profile service
  4. People
  5. Getting Profiles
  6. Windows Identity Foundation
  7. The Service App.
      - Web Applications: http://sharepoint.mycompany.com
      - User Profile Service
      - Sync Service
      - Social DB
      - Profile DB
      - Sync DB
  8. Sync Storage
      - ConnectorSpace (CS): Staging during sync
      - Metaverse (MV): Aggregated Data
  9. Sync flow (diagram labels: AD, AD CS, MV, SP CS, SharePoint UPS)
      - 1. Import from Active Directory Data into AD CS
      - 2. Import from SharePoint UPS into SP CS
      - 3. Data is sent to CS
      - 3. Data is sync'd with the MV
      - 4. Export data from CS to SharePoint UPS
      - 5. Import and data confirmation
      - 6. Data is sent to MV. Including Exports from UPS. And to AD CS
      - 7. Data sent from AD CS to Active Directory
      - 8. Data checked and validated from AD to AD CS
  10. Data Stores
      - Profile: Profile Data and Activity Feed
      - Sync: Sync Staging DB
      - Social: Tags, Ratings, Keyword, Bookmarks and Comments
  11. Getting it working
      - Create MySite Host
      - Create the User Profile Service Application
      - Start the User Profile Service
      - Start the User Profile Synchronization Service
      - Configure Synchronization Connections
  12. Create the User Profile Service Application
      From Central Administration:
      Manage Service Applications > New > User Profile Service Application
      Powershell:
      ```powershell
      # Run in the SharePoint 2010 Management Shell.
      # Create the service application with its three databases.
      $ups = New-SPProfileServiceApplication -Name "User Profile Service Application" `
          -ApplicationPool "User Profile Application Pool" `
          -MySiteHostLocation "http://sps-ups/my" -MySiteManagedPath "my/personal" `
          -ProfileDBName "SPS-UPS_ProfileDB" -ProfileSyncDBName "SPS-UPS_SyncDB" `
          -SocialDBName "SPS-UPS_SocialDB"
      # Create the proxy and add it to the default proxy group.
      New-SPProfileServiceApplicationProxy -Name "User Profile Service Application Proxy" `
          -ServiceApplication $ups -DefaultProxyGroup
      ```
  13. Start the User Profile Service
      From Central Administration:
      Manage Services on Server > User Profile Service > Start
      Powershell:
      ```powershell
      # Find the User Profile Service instance and start it.
      $upservice = Get-SPServiceInstance | where { $_.TypeName.Contains("User Profile Service") }
      Start-SPServiceInstance -Identity $upservice
      ```
  14. Start the User Profile Synchronization Service
      From Central Administration:
      Manage Services on Server > User Profile Synchronization Service > Start
      - Enter Farm Account Password
      - Farm Account must be local admin on server to provision sync service
      - Farm Account must have logon locally once service has been provisioned
      Powershell – a little harder than most
      Powershell script at the end of the deck
  15. Configure Synchronization Connections
      - Active Directory Domain Services
      - Novell eDirectory (LDAP)
      - Sun Java Directory Service (LDAP)
      - IBM Tivoli (LDAP)
  16. Active Directory Permissions
      Create a service account for Active Directory read and write
      - Isolate roles
      - Manage Permissions
      - Keep domain admins happy
  17. Replicate Directory Changes
      Delegate control on your domain and grant Replicate Directory Changes
      This gives you import permissions
  18. More Permissions
      Create Child Objects permissions for the User Profile Service Account
      Using ADSIEdit
      Allows you to write back to Active Directory…..almost
  19. More sync permissions
      One more in ADSIEdit
      Advanced > Find UPS Service Account
      - Write All Properties
      - Create All Child Objects
      There will be two instances
  20. Connecting to AD
      Auto domain controller or specify one
      Enter the User Profile service account credentials
  21. Configure Synchronization Connections
      Select the OU/s you want to Sync
      Say goodbye to LDAP Queries
  22. Almost there…
      Connection Filters
      Easily exclude disabled accounts from sync
  23. Forefront Identity Manager
      C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell
  24. Get Permissions right or…
      - No write back to AD
      - No Sync
      - You can only do Full Sync
  25. Performing a Sync
  26. Frequency..
      - Hourly, Daily, Weekly, Monthly
      - Server load and Directory Service Load
      - Or minutes (up to 59)
  29. Still having trouble?
  30. Proxies
      - Make sure you do not have any proxies in use
      netsh winhttp show proxy
      No proxy / Direct access doesn't mean it is so
  31. Proxy Override
      ```xml
      <configuration>
         <system.net>
            <defaultProxy>
               <bypasslist>
                  <add address="[a-z]+.DOMAIN.lan" />
                  <add address="192.168.0.*" />
               </bypasslist>
            </defaultProxy>
         </system.net>
      </configuration>
      ```
      And where are you going to put it…
  32. Proxy Override
      1. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\owstimer.exe.config
      2. Web.config of your Central Administrator Web Application
      ```xml
      <system.net>
         <defaultProxy />
      </system.net>
      ```
      3. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\MIISClient.exe.config
      4. C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\MIIServer.exe.config
      Yes that makes four locations
  33. Netbios Names
      - By default the User Profile Service Application runs with NetBIOS disabled
      - If you find profiles are NetBiosName\Username
      - E.g. Netbios.domain.lan
      - Appears as Netbios\joshua.haebets
      - Should be domain\joshua.haebets
      - Configuration container in ADSI, replication directory changes
  39. Enable Netbios
      Powershell and only Powershell
      ```powershell
      # Select the User Profile Service Application and enable NetBIOS domain names.
      $ups = Get-SPServiceApplication | where { $_.DisplayName.Contains("User") }
      $ups.NetBIOSDomainNamesEnabled = $true
      $ups.Update()
      # Confirm the setting; this prints True.
      $ups.NetBIOSDomainNamesEnabled
      ```
      Delete and recreate the connection to the directory store
  40. What does it all mean
  41. Profile Properties
      - Create custom properties
      - Clients / Accounts
      - Previous Employer
      - Footy Team
      - Write back to Active Directory
      - Never fear, import only by default
  47. Managed Metadata
      - Create standards
      - Office Locations
      - Job Titles
      - Products
      - Customers
      - Profile Properties can use Managed Metadata
  53. Profile Properties
  54. Sub Types
      Separate profiles for employee types:
      - Part-time / casual employees
      - Contractors
      - Consultants
      - Work days
      - Start and/or End Date
      - Vendor / Consultancy
      Capture only the information you need for each profile type
  55. Import or Export
      - Plan what you want to write back.
      - One off import and managed from SharePoint?
      - Can HR manage everything from SharePoint now?
  56. Profile Properties
  57. Email analysis
      SharePoint reads your emails.
      Never fear, this is a good thing
  58. Pictures
      Stored in "User Photos" at the rootweb of the MySite site collection
      3 versions:
      - Large 144x144
      - Medium 96x96
      - Small 32x32
      Will size by longest edge
      Write back to AD and see them in Outlook
  59. BCS Data Source
      - Not with User Profiles
      - Import only
  60. Getting data from other systems
  61. Importing from LOB Systems
  62. Data in - data out
      - LOB System to SharePoint
      - AD to SharePoint
      - SharePoint to AD
  63. Data in - data out
      Identity management for the masses
  64. Patches……they were quick
      KB983497
      http://support.microsoft.com/kb/983497
      Almost completely dedicated to the user profile issues
      Fixes issues with:
      - large data stores
      - Groups and members
      - SQL locks
      - Delays in sync
      - activity feed
  65. Summary
      - Follow the steps and UPS will work every time
      - Plan what data (properties) you need
      - Create the policies
      - Set the permissions
      - What goes back to your directory service
      - What other systems have data to enrich users' profiles
      Contact
      Joshua.haebets@evolve-is.com.au
      Slides will be here www.slideshare.net/jhaebets
      Keep an eye on www.robotsdottxt.com
      www.linkedin.com/in/jhaebets
  71. Sponsors
      Thanks For Listening!
      Be sure to submit your feedback if you want to be in the draw to win the Xbox 360 and other prizes!
  72. Start the User Profile Synchronization Service
      ```powershell
      # Load the SharePoint cmdlets when not running in the SharePoint Management Shell.
      Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

      # Start the profile synchronization service on a server
      function Start-ProfileSynchronizationService {
          param (
              [string] $ProfileApplication = $(throw "You must provide a user profile service application name"),
              [string] $Machine,
              [string] $Password = $(throw "You must enter the password of the farm account (SharePoint timer service account)")
          )

          $upaApp = Get-SPServiceApplication | ? { $_.Name -like $ProfileApplication }

          if ($Machine -eq $null -or $Machine -eq "") {
              # Get the current machine
              $Machine = [System.Environment]::MachineName
          }

          $syncService = Get-SPServiceInstance | ? { $_.TypeName -like "User Profile Synchronization Service" -and $_.Server.Address -like $Machine }

          # Get the default timer service account
          $serviceAccount = (Get-SPFarm).DefaultServiceAccount

          Write-Output ([System.String]::Format("Starting user profile sync service on machine {0} for UPA {1}; service account is {2}", $Machine, $upaApp.Name, $serviceAccount.Name))

          $upaApp.SetSynchronizationMachine($Machine, $syncService.Id, $serviceAccount.Name, $Password)
      }

      # Use the function Start-ProfileSynchronizationService to start the profile synchronization service
      Write-Output "Starting user profile sync service"
      $machine = Read-Host "Please enter the server on which you want to run the profile sync service (by default is current machine)"
      $upa = Read-Host "Please enter the UPA name the profile sync service will be associated with"
      # Read-Host echoes the password as typed; it is passed on as a plain string.
      $password = Read-Host "Please enter the service account (farm account) password"
      Start-ProfileSynchronizationService -ProfileApplication $upa -Machine $machine -Password $password
      ```
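
An added example, not part of the original deck, for checking the outcome of the Active Directory Permissions and Replicate Directory Changes slides, plus the Configuration container requirement from the Netbios Names slide. It reads ACEs in the shape returned by `Get-Acl` on the `AD:` drive, reports whether the sync account holds Replicating Directory Changes on each container, and flags the broader Replicating Directory Changes All right, which the slides do not ask for. The account name `CONTOSO\svc-upsync`, the `contoso.lan` distinguished names and the function names are hypothetical, and the ACEs are constructed sample data.

```powershell
# Added example (not from the deck). The two GUIDs are AD schema constants.
$RightNames = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}
$AllExtendedRights = '00000000-0000-0000-0000-000000000000'

function Test-SyncAccountAcl {
    param(
        [Parameter(Mandatory = $true)] [string]   $Account,
        [Parameter(Mandatory = $true)] [string]   $Container,
        [Parameter(Mandatory = $true)] [object[]] $Aces
    )
    $held = @()
    foreach ($ace in $Aces) {
        if ("$($ace.IdentityReference)" -ne $Account) { continue }
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        if ("$($ace.ActiveDirectoryRights)" -notmatch 'ExtendedRight|GenericAll') { continue }
        $guid = "$($ace.ObjectType)".ToLower()
        if ($guid -eq $AllExtendedRights) { $held += @($RightNames.Values) }  # blanket grant
        if ($RightNames.ContainsKey($guid)) { $held += $RightNames[$guid] }
    }
    $changes = $held -contains 'Replicating Directory Changes'
    $all     = $held -contains 'Replicating Directory Changes All'
    $verdict = 'OK'
    if ($all) { $verdict = 'EXCESS: also holds Replicating Directory Changes All' }
    if (-not $changes) { $verdict = 'MISSING: Replicating Directory Changes not granted' }
    New-Object PSObject -Property @{ Container = $Container; GetChanges = $changes
                                     GetChangesAll = $all; Verdict = $verdict } |
        Select-Object Container, GetChanges, GetChangesAll, Verdict
}

# Constructed sample ACEs shaped like (Get-Acl "AD:\<DN>").Access; all names are hypothetical.
function New-SampleAce($Who, $AdRights, $Guid) {
    New-Object PSObject -Property @{ IdentityReference = $Who; AccessControlType = 'Allow'
                                     ActiveDirectoryRights = $AdRights; ObjectType = $Guid }
}
$svc = 'CONTOSO\svc-upsync'
$domainAces = @(
    (New-SampleAce $svc 'ExtendedRight' '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'),
    (New-SampleAce $svc 'ExtendedRight' '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2')
)
$configAces = @(New-SampleAce 'CONTOSO\Domain Admins' 'GenericAll' $AllExtendedRights)

Test-SyncAccountAcl -Account $svc -Container 'DC=contoso,DC=lan' -Aces $domainAces
Test-SyncAccountAcl -Account $svc -Container 'CN=Configuration,DC=contoso,DC=lan' -Aces $configAces
# Against a live domain (ActiveDirectory module): -Aces (Get-Acl 'AD:\DC=contoso,DC=lan').Access
```

With the sample data the domain container is reported as EXCESS and the Configuration container as MISSING, the second being the gap the Netbios Names slide points at.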
