SharePoint SaturdayDayton, Ohio
June 30, 2012
Wrangling The User Profile Service
James GrizzleSenior Consultant – Cardinal
Solutions
General Information
• Tweet it Out!!– Hashtag for this event: #SPSDayton– Follow us: @SPSDayton– Include your presenters
• Check out SPTV – Tweets will display throughout the day
on the screens.– Footage will be shown at http://mysp.tv
Overview
• Setting up the User Profile Service• Debugging the UPS (and sync)• Advanced UPS Features and
Customizations
Assumptions
– No Farm Config Wizard– Using Active Directory– Domain Accounts– NetBIOS name is the same as the FQDN– Users in AD
Permissions
• Farm Account– Log on Locally (Set first)– Administrator (Only during Provisioning)
• Sync Account– Replicating Directory Changes
Permissions
• Content Access Account• User Profile Service Account
Demo
• Add NETWORK-SERVICE to WSS_WPG group
Errors
Plan Sync
• Plan Profile Properties• Plan OUs to Sync• Plan Sync Connection Filters• Sync Back?
AD to SharePoint Property MappingProperty Display Name
Property Name Value
Custom PropCustom AD Prop
Mapped To (AD Property)
Originally Mapped To
Shows on Profile Page
Replicable to Sites
Corp ID CorpID Yes No employeeID Yes Yes
Name PreferredName No No cn displayName Yes Yes
Work phone WorkPhone No Yes otherTelephone telephoneNumber
Yes Yes
Fax Fax No NofacsimileTelephoneNumber
Yes Yes
Address Address Yes No streetAddress No No
Building Building Yes No Street No No
City City Yes No l No No
State State Yes No st No No
Zip Code ZipCode Yes No postalCode No No
Division Division Yes No division Yes Yes
Advanced Sync Topics
• Map custom AD attributes• User Profile sub-types• Create advanced profile import filters–Multiple And / OR– CANNOT GO BACK TO CA UI!!!!
• FIM• Global Audiences
Demo
Diagnosing Common Issues
• FIM• 99% of the time, permissions are the issue– Farm Account must be local admin during the
sync– Farm Account must have “Allow Log on Locally”– Sync Account needs “Replicating Directory
Changes” permission in AD
• IISRESET, Logon / Logoff, and Restart SharePoint Timer Service before starting the UPSA
• IISRESET after starting the UPSA
• FIM• Status –
Stopped-connectivity
• Connection Status – Failed search
• Replicating Directory Changes Permissions
Sync Issues – Domain Permissions
FIM - Connection Log
Tips
• Add a link to the User Profile Service and Search Service on the resources list on the homepage and on possibly the Top Link bar
• Install SP1 and the August 2011 CU at least– April CU refresh offers even better UPS
goodies
Gotchas• Oct 2011 CU breaks profile photos.• Sync Database size
– Fixed in April CU (be careful of the version of April CU since it was rescinded by Microsoft – new v .5006)
– Also can be handled by deleting the Sync DB and reprovisioning UPA. • Remember the Sync DB is only a staging environment• Keep the social and profile DBs!
• Politics– Who owns the identities, does the data come from
multiple teams, how will the connections work, if you do write-back, who becomes the authoritative source?
Resources• Rational Guide to implementing UPS
http://www.harbar.net/articles/sp2010ups.aspx
• Stuck on Starting – Common Sync Issueshttp://www.harbar.net/articles/sp2010ups2.aspx
• Creating User Profile Sync Filtershttp://www.harbar.net/archive/2011/02/22/323.aspx
• Mapping User Profile Properties to LDAP attributeshttp://blogs.msdn.com/b/tehnoonr/archive/2010/11/22/mapping-user-profile-properties-in-sharepoint-2010-to-ldap-attributes.aspx
• User Profile Sub Typeshttps://www.nothingbutsharepoint.com/sites/eusp/Pages/Applied-SharePoint-2010-Governance-Part-3-User-Profile-Sub-Types.aspx
Questions and Evals…
• Fill out your evaluations to receive– Parking Pass– SPS Dayton T-Shirt
Brixx Ice Co.500 East First St., Dayton
SharePoint Saturday Dayton has been made possible because of generous sponsorship from the following friends…