Best Practices AroundSharePoint 2010 User ProfilesScott JamisonChief ArchitectJornata LLC

SPC310

Meet Scott Jamison Chief Architect at Jornata (booth 650)

SharePoint partner with Gold Competency in Portals & Collab Formerly a Director at Microsoft

SharePoint MVP Microsoft Certified Master Author:

Essential SharePoint 2007 Essential SharePoint 2010 Five whitepapers on SharePoint 2010

Blog: www.scottjamison.com Twitter: @sjam

What We Will Cover User Profile Feature Overview [100 level]

Profiles & Properties My Sites Social Computing Features

Review Core Components [200 level] Services Service Applications Databases Timer Jobs

Planning & Provisioning [300 level] Required set of pre-planning activities GUI-based provisioning of UPA

What I Won’t Cover [400 level] PowerShell provisioning UPRE Global my sites High scale

Go to “Part II” – Spencer Harbar’s session (tomorrow)SPC407: Enterprise Deployment Considerations for the User Profile Applications

ABOUT SOCIAL COMPUTING & USER PROFILES

General information about SharePoint User Profiles

User Profiles and Social Computing

Key Feature: Business collaboration and social computing

A “Social Identity” is the cornerstone of all user-centric and social capabilities

What a Social Identity Enables

Providing a social identity enables the users of your solution to: Gather insight into other users based on their social

network, such as informing them about what the people they know are doing

Provide social feedback in the form of ratings, comments, and tags

Find an ‘expert’ – a mechanism that provides a way for users to locate a person within the organization based on profile attributes

Provide an accurate organization chart so that users know the reporting structure

Display items such as human resources news, based on the user’s organization and business role within the company

Show a picture of your users in Outlook via the social connector

User Profile & Social Features User Profiles

Status About me Additional Profile Properties

Personal Content “My site”

Social Data Tags, Comments, & Ratings Activity Feed

User Profiles & My Sites & Social Features User profiles are rendered using single pages:

Public profile: http://<mysiteurl>/<mysitehost>/person.aspx

Newsfeed http://<mysiteurl>/<mysitehost>/default.aspx

Personal sites are individual site collections rendered at:

http://<mysiteurl>/<mysitehost>/<useraccount>/default.aspx Personal Sites are optional

You can have profiles without my sites You cannot have my sites without profiles

Social Features can be enabled/disabled Rely on the user having a profile

Best Practice #1

You don’t have to enable personal sites if you just want people search and social

computing.

Best Practice #2

Put your my site host on its own web application.

Best Practice #3

Do not pre-create a personal site for everyone.

It’s a waste of resources. They’ll already have a profile.

My Sites

Scott JamisonChief ArchitectJornata

demo

Social Networking

Key Goal: Provide a means for social interaction

Why? Enables Users to: Provide status updates Interact with other users via noteboards (aka “the

wall”) View stories via Activity feeds Discuss stuff via discussion boards Discover people (“colleagues”)

Social Networking Colleagues

Track your colleagues Better, more readable

“newsfeed” Add additional colleagues

Notifications Email Note board Colleague addition Keywords suggestions

Profile Updates Alerts to update profile Status message

Social Feedback

What is Feedback? Social Tags Notes and Ratings Applies to any URL, inside or outside of SharePoint

How does it help? Categorize, annotate, promote Help retrieval of relevant links Primary mechanism for promoting documents and

web pages to the newsfeed

Tagging Tag anything

Documents Items Pages Profiles Things outside SharePoint

How to tag I like it Tags & Notes Keyword column

Visibility Tags & Notes Tag Cloud Tag Profiles

Best Practice #4

Encourage users to observe and use the existing tags. It maintains consistency.

Tag Profile Tag Profile

Every tag has one Subscribe

Follow tag in my newsfeed Shows in My Interests

• Add to “Ask me about” in My Profile• View people who are following this tag• People Search

• FAST Search• Doesn’t Index Social Tags• “There are no available items tagged with”

Best Practice #5

Enable Metadata Keyword Social Promotion

Ratings Rate your content

0-5 Stars Can enable/disable per list

Best Practice #6

Ratings are overrated. Use with caution.

Activity Feeds Presentation

My Site Feed Web part

Atom 2.0 feed Types

Consolidated Activities I consume

Published My activities (that others consume)

Best Practice #7

Enable the Activity Feed Timer Job.Change the schedule to suit your needs.

RTM: disabled by defaultSP1: enabled by default

Default schedule is Hourly.

Making Use of Social Features Find an Expert

People Search Ask me about

Tag Subscription Get updates on tags

of interest Activity Feeds

Follow Be followed

Search Relevance Tags

USER PROFILES: UNDER THE COVERS

Core Components

User Profile Service Application User Profile Services Databases Timer Jobs Synchronization*

Forefront Identity Manager

Profile Services User Profile Service Application

Container for configuration settings Can be more than one (but only associated with a single

synchronization service) User Profile Service

SharePoint Service (service on server) User Profile Synchronization Service

SharePoint Service (service on server) Provisions Forefront Identity Manager Associated with one User Profile Service Application

User Profile Service Application: Dependencies

Managed Metadata Service Need this for certain user profile properties Need this for Tags to work

Search Service People Search Tag Profile Page

Business Connectivity Services Synchronizing profile properties from LOB systems Read-only (no write-back)

User Profile Service Application: Databases

Social Database Tags Comments Ratings

User Profile Database Profile properties Consolidated Activity Feed Comments

Sync Database Staging data (FIM)

ProfileSynchronization

ServiceInstance

Profile ServiceInstance

Social Data SyncProfiles

User Profile Service Application: Timer Jobs

• User Profile Service provisions 13 Timer Jobs• Consider the default schedule against your business needs

How Activity Feeds Work Activity timer job gathers data

“Activity Feed Job” Hourly schedule

Activity Feed Cleanup Job Cleans up activities older than 14

days Daily schedule

Activity Feed API Consume user feeds Insert activities into newsfeeds

Activity feed architecture

Activity Feed - User profile

DB

Change log - User profile

DB

Social database

Custom Timer Job

Custom gatherer

Activity Timer Job

Profile and social gatherers

Activity Feed• User can define what they see in the activity feed (through user profile page)

• Customer gathers can provide external data to the activity feed

• Activity feed can be surfaced through search (people)

How Ratings Work

Stored in Social Database Timer Jobs

“Social Data Maintenance” “Activity Feed” “Social Ratings Sync”

Proxy Sync to content database

Average rating calculated

How Tagging Works

Tags stored in Social database Requires Managed Metadata Service Timer Jobs:

Social Data Maintenance Hourly

“I Like it” – just another tag Visible in tags and Notes dialog and

also on My Site

How My Sites Work Pages

Public profile (person.aspx) Newsfeed (default.aspx)

My Site Content site collection + Content DB

My Site Host Site collection

Trusted My Site Locations Distributed Hosting Audience-driven

Timer Jobs My Site Cleanup

Notifies manager when a user My Site is deleted

How Synchronization Works Multiples Sources

AD LDAP BCS

Forefront Identity Manager (FIM)

Timer Jobs User Profile Incremental Import

Job

User Profile Service

ProfileSynchronization

ServiceInstance

ActiveDirectory

LDAP

Business Connectivity Service

SyncProfiles

FIM Forefront Identity Manager ‘Light’ version bundled with

MSS Client great for troubleshooting

Sync Use for complex filters

Which cannot be expressed in CA

The FIM Client is located at C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe

PLANNING AND CONFIGURING USER PROFILES

Best Practice #8

Step away from the keyboard. Take time to plan.

Planning (Business Goals) Clarify your business goals

Why are we doing this? How does it align with our business goals?

Plan Capabilities - What features will be enabled? User Profiles Personal Sites Social

Plan User Permissions Who will be allowed to use this?

Plan Profile properties This will take longer than you think.

Planning

You’ll Need To: Work with HR Work with ILM team Work with AD team

Plan Profile PropertiesProperty Name Source

LocationMapped to attribute

Visible on My Site?

Searchable? Editable By User?

Privacy Setting?

Write back?

SPS-DistinguishedName

AD <dn> No No No N/A No

SID AD objectSid No No No N/A No

First name AD givenName Yes Yes No   No

Last name AD Sn Yes Yes No   No

Work phone AD telephoneNumber Yes Yes No   No

Department AD department Yes Yes No   No

Title AD title Yes Yes No   No

Manager AD manager Yes Yes No   No

About me SharePoint N/A Yes Yes Yes   No

Picture AD* picture Yes No Yes   Yes

UserName AD sAMAccountName Yes Yes No   No

Work e-mail AD Mail Yes Yes No   No

Mobile phone SharePoint N/A Yes Yes Yes   No

Office AD office Yes Yes No   No

Past projects SharePoint N/A Yes Yes Yes   No

Schools BCS Schools Yes Yes No   No

Birthday BCS DateOfBirth Yes No No   No

Status Message SharePoint N/A Yes Yes Yes   No

Employee ID (custom)

BCS EmployeeID Yes Yes No   No

Cost Center (custom)

LDAP costcenter Yes Yes No   No

Policies Which properties should be mandatory?

Account name, department..etc. Which properties should be visible to everyone?

Non-sensitive information Which properties can be changed by users?

Phone number, preferred name..etc.

Planning for Privacy Social tagging

Culturally disruptive? Policies

Who can social tag/bookmark? What happens when the employee leaves? Activity feeds

What’s visible? Person Pictures

Federal requirements?

Plan For Governance Governance is very important for user

profiles You need to train users and decide:

When are users supposed to put content into their personal site?

How are users supposed to use the tagging rating features?

How often should users update their profile What should “About Me” say? Can users put any picture they want into

their profile?

Policies and Privacy Settings Policies

Enabled, Required, Optional, Disabled User Override Replicable

Privacy and Visibility Everyone My Colleagues My Team My Manager Only Me

Planning for Privacy Social tagging will be culturally disruptive Need to plan and decide

Who can social tag/bookmark? Define an acceptable use policy

What happens when the employee leaves? Security trimming of tags

Pluggable architecture allows definition of rules and back ends (new in June 2011 CU)

Define how to handle non-SharePoint and external sites Only Indexed sites can be trimmed out-of-the-box

Activity feed repercussions

Planning for Privacy You will need to proactively plan for privacy Key stakeholders are HR, Legal, IT and Business Drivers Top Issues for My Site deployment

Picture usage Activity feed Custom Fields

Further Planning (Technical) What will your logical architecture design look like? Plan Container Selection Plan Sync Filters Plan for Scale Do you need global, distributed My Sites? Do you need multi-lingual My Sites?

Best Practice #9

The AD team will lie to you. So take note.

Best Practice #10

Configure write-back to AD to show a picture of your users in Outlook & Lync.

This requires additional permissions.

Best Practice #11

Once you’ve planned accordingly, only then should you create and

configure your service applications

Configuring the UPA: Pre-reqs

Patches: If SQL Server 2008, SP1 + Cumulative updates

Permissions: Farm account is local admin on SP server [remember to remove

after!] Farm account can log on locally Farm account is administrator for UPA

Other Service Applications: A Managed Metadata SA is installed and configured

Configuring the UPSA

1. From CA, create a new UPA Three databases are created Only once instance of FIM can run on a server

2. IISRESET…or go get coffee3. Start the User Profile Sync Service

A timer job creates the FIM configuration settings

Configuring the User Profile Service Application

demo

Common Issues

Farm account is not local administrator on the machine Timer job will fail You can remove local admin privileges after configuration is

complete Failing to do an IISRESET after starting the User

Profile Service Do an IISRESET and try again

User Profile Sync Account needs permissions in AD: Replicate Directory Changes Write Permissions (if you write back)

Creating a Sync Connection Use a dedicated account for synchronization

Does not need to be the farm account! Needs permissions to Active Directory

Replicate Directory Changes For write-back to AD (for example for the user’s photo), use

granular permissions thumbnailPhoto attribute

Each connection needs to be configured separately AD, LDAP, BCS, other sources

You’ll need to create a schedule for each source For AD, full import once; incremental Daily For BCS, only full imports are available

Best Practice #12

Use a Dedicated Service Account for Sync

Apply Filters to a Connection

Filters enable you to synchronize a subset of the users

You can only reduce the set (never expand it) Edit Connection Filters

Best Practice #13

To filter out disabled accounts, setuserAccountControl (Bit on equals) 2

Recap: Key Points Want Better User Adoption?

User Profiles enable an broad set of features Planning

You should must do it Profile Synchronization

Get your permissions right If sync to AD isn’t working, AD permissions are likely the

problem BCS does not allow write-back Got filters? Go get coffee. Use FIM for complex filters – but there’s no going back Sync on dedicated SQL for performance

What We Covered User Profile Feature Overview

Profiles & Properties My Sites Social Computing Features

Review Core Components Services Service Applications Databases Timer Jobs

Planning & Provisioning Required set of pre-planning activities GUI-based provisioning of UPA

Resources

Sessions SPC407: Enterprise Deployment Considerations for the User

Profile Applications (Wed 1:45) SPC3994: Upgrading User Profiles and My Sites from

SharePoint 2007 to SharePoint 2010 (Thu noon)

Spence Harbar’s Blog (www.harbar.net) White Paper

“Planning and Deploying SharePoint Server 2010 User Profiles for My Site Web Sites”

Thank You!

Blog: www.scottjamison.com

Twitter: @sjam

Thank you to Spence! harbar.net @harbars

anaheim, ca

october

3–6 t h

2011

Conference 2011