spc310. general information about sharepoint user profiles
Post on 19-Dec-2015
223 views
TRANSCRIPT
Best Practices AroundSharePoint 2010 User ProfilesScott JamisonChief ArchitectJornata LLC
SPC310
Meet Scott Jamison Chief Architect at Jornata (booth 650)
SharePoint partner with Gold Competency in Portals & Collab Formerly a Director at Microsoft
SharePoint MVP Microsoft Certified Master Author:
Essential SharePoint 2007 Essential SharePoint 2010 Five whitepapers on SharePoint 2010
Blog: www.scottjamison.com Twitter: @sjam
What We Will Cover User Profile Feature Overview [100 level]
Profiles & Properties My Sites Social Computing Features
Review Core Components [200 level] Services Service Applications Databases Timer Jobs
Planning & Provisioning [300 level] Required set of pre-planning activities GUI-based provisioning of UPA
What I Won’t Cover [400 level] PowerShell provisioning UPRE Global my sites High scale
Go to “Part II” – Spencer Harbar’s session (tomorrow)SPC407: Enterprise Deployment Considerations for the User Profile Applications
ABOUT SOCIAL COMPUTING & USER PROFILES
General information about SharePoint User Profiles
User Profiles and Social Computing
Key Feature: Business collaboration and social computing
A “Social Identity” is the cornerstone of all user-centric and social capabilities
What a Social Identity Enables
Providing a social identity enables the users of your solution to: Gather insight into other users based on their social
network, such as informing them about what the people they know are doing
Provide social feedback in the form of ratings, comments, and tags
Find an ‘expert’ – a mechanism that provides a way for users to locate a person within the organization based on profile attributes
Provide an accurate organization chart so that users know the reporting structure
Display items such as human resources news, based on the user’s organization and business role within the company
Show a picture of your users in Outlook via the social connector
User Profile & Social Features User Profiles
Status About me Additional Profile Properties
Personal Content “My site”
Social Data Tags, Comments, & Ratings Activity Feed
User Profiles & My Sites & Social Features User profiles are rendered using single pages:
Public profile: http://<mysiteurl>/<mysitehost>/person.aspx
Newsfeed http://<mysiteurl>/<mysitehost>/default.aspx
Personal sites are individual site collections rendered at:
http://<mysiteurl>/<mysitehost>/<useraccount>/default.aspx Personal Sites are optional
You can have profiles without my sites You cannot have my sites without profiles
Social Features can be enabled/disabled Rely on the user having a profile
Best Practice #1
You don’t have to enable personal sites if you just want people search and social
computing.
Best Practice #2
Put your my site host on its own web application.
Best Practice #3
Do not pre-create a personal site for everyone.
It’s a waste of resources. They’ll already have a profile.
My Sites
Scott JamisonChief ArchitectJornata
demo
Social Networking
Key Goal: Provide a means for social interaction
Why? Enables Users to: Provide status updates Interact with other users via noteboards (aka “the
wall”) View stories via Activity feeds Discuss stuff via discussion boards Discover people (“colleagues”)
Social Networking Colleagues
Track your colleagues Better, more readable
“newsfeed” Add additional colleagues
Notifications Email Note board Colleague addition Keywords suggestions
Profile Updates Alerts to update profile Status message
Social Feedback
What is Feedback? Social Tags Notes and Ratings Applies to any URL, inside or outside of SharePoint
How does it help? Categorize, annotate, promote Help retrieval of relevant links Primary mechanism for promoting documents and
web pages to the newsfeed
Tagging Tag anything
Documents Items Pages Profiles Things outside SharePoint
How to tag I like it Tags & Notes Keyword column
Visibility Tags & Notes Tag Cloud Tag Profiles
Best Practice #4
Encourage users to observe and use the existing tags. It maintains consistency.
Tag Profile Tag Profile
Every tag has one Subscribe
Follow tag in my newsfeed Shows in My Interests
• Add to “Ask me about” in My Profile• View people who are following this tag• People Search
• FAST Search• Doesn’t Index Social Tags• “There are no available items tagged with”
Best Practice #5
Enable Metadata Keyword Social Promotion
Ratings Rate your content
0-5 Stars Can enable/disable per list
Best Practice #6
Ratings are overrated. Use with caution.
Activity Feeds Presentation
My Site Feed Web part
Atom 2.0 feed Types
Consolidated Activities I consume
Published My activities (that others consume)
Best Practice #7
Enable the Activity Feed Timer Job.Change the schedule to suit your needs.
RTM: disabled by defaultSP1: enabled by default
Default schedule is Hourly.
Making Use of Social Features Find an Expert
People Search Ask me about
Tag Subscription Get updates on tags
of interest Activity Feeds
Follow Be followed
Search Relevance Tags
USER PROFILES: UNDER THE COVERS
Core Components
User Profile Service Application User Profile Services Databases Timer Jobs Synchronization*
Forefront Identity Manager
Profile Services User Profile Service Application
Container for configuration settings Can be more than one (but only associated with a single
synchronization service) User Profile Service
SharePoint Service (service on server) User Profile Synchronization Service
SharePoint Service (service on server) Provisions Forefront Identity Manager Associated with one User Profile Service Application
User Profile Service Application: Dependencies
Managed Metadata Service Need this for certain user profile properties Need this for Tags to work
Search Service People Search Tag Profile Page
Business Connectivity Services Synchronizing profile properties from LOB systems Read-only (no write-back)
User Profile Service Application: Databases
Social Database Tags Comments Ratings
User Profile Database Profile properties Consolidated Activity Feed Comments
Sync Database Staging data (FIM)
ProfileSynchronization
ServiceInstance
Profile ServiceInstance
Social Data SyncProfiles
User Profile Service Application: Timer Jobs
• User Profile Service provisions 13 Timer Jobs• Consider the default schedule against your business needs
How Activity Feeds Work Activity timer job gathers data
“Activity Feed Job” Hourly schedule
Activity Feed Cleanup Job Cleans up activities older than 14
days Daily schedule
Activity Feed API Consume user feeds Insert activities into newsfeeds
Activity feed architecture
Activity Feed - User profile
DB
Change log - User profile
DB
Social database
Custom Timer Job
Custom gatherer
Activity Timer Job
Profile and social gatherers
Activity Feed• User can define what they see in the activity feed (through user profile page)
• Customer gathers can provide external data to the activity feed
• Activity feed can be surfaced through search (people)
How Ratings Work
Stored in Social Database Timer Jobs
“Social Data Maintenance” “Activity Feed” “Social Ratings Sync”
Proxy Sync to content database
Average rating calculated
How Tagging Works
Tags stored in Social database Requires Managed Metadata Service Timer Jobs:
Social Data Maintenance Hourly
“I Like it” – just another tag Visible in tags and Notes dialog and
also on My Site
How My Sites Work Pages
Public profile (person.aspx) Newsfeed (default.aspx)
My Site Content site collection + Content DB
My Site Host Site collection
Trusted My Site Locations Distributed Hosting Audience-driven
Timer Jobs My Site Cleanup
Notifies manager when a user My Site is deleted
How Synchronization Works Multiples Sources
AD LDAP BCS
Forefront Identity Manager (FIM)
Timer Jobs User Profile Incremental Import
Job
User Profile Service
ProfileSynchronization
ServiceInstance
ActiveDirectory
LDAP
Business Connectivity Service
SyncProfiles
FIM Forefront Identity Manager ‘Light’ version bundled with
MSS Client great for troubleshooting
Sync Use for complex filters
Which cannot be expressed in CA
The FIM Client is located at C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
PLANNING AND CONFIGURING USER PROFILES
Best Practice #8
Step away from the keyboard. Take time to plan.
Planning (Business Goals) Clarify your business goals
Why are we doing this? How does it align with our business goals?
Plan Capabilities - What features will be enabled? User Profiles Personal Sites Social
Plan User Permissions Who will be allowed to use this?
Plan Profile properties This will take longer than you think.
Planning
You’ll Need To: Work with HR Work with ILM team Work with AD team
Plan Profile PropertiesProperty Name Source
LocationMapped to attribute
Visible on My Site?
Searchable? Editable By User?
Privacy Setting?
Write back?
SPS-DistinguishedName
AD <dn> No No No N/A No
SID AD objectSid No No No N/A No
First name AD givenName Yes Yes No No
Last name AD Sn Yes Yes No No
Work phone AD telephoneNumber Yes Yes No No
Department AD department Yes Yes No No
Title AD title Yes Yes No No
Manager AD manager Yes Yes No No
About me SharePoint N/A Yes Yes Yes No
Picture AD* picture Yes No Yes Yes
UserName AD sAMAccountName Yes Yes No No
Work e-mail AD Mail Yes Yes No No
Mobile phone SharePoint N/A Yes Yes Yes No
Office AD office Yes Yes No No
Past projects SharePoint N/A Yes Yes Yes No
Schools BCS Schools Yes Yes No No
Birthday BCS DateOfBirth Yes No No No
Status Message SharePoint N/A Yes Yes Yes No
Employee ID (custom)
BCS EmployeeID Yes Yes No No
Cost Center (custom)
LDAP costcenter Yes Yes No No
Policies Which properties should be mandatory?
Account name, department..etc. Which properties should be visible to everyone?
Non-sensitive information Which properties can be changed by users?
Phone number, preferred name..etc.
Planning for Privacy Social tagging
Culturally disruptive? Policies
Who can social tag/bookmark? What happens when the employee leaves? Activity feeds
What’s visible? Person Pictures
Federal requirements?
Plan For Governance Governance is very important for user
profiles You need to train users and decide:
When are users supposed to put content into their personal site?
How are users supposed to use the tagging rating features?
How often should users update their profile What should “About Me” say? Can users put any picture they want into
their profile?
Policies and Privacy Settings Policies
Enabled, Required, Optional, Disabled User Override Replicable
Privacy and Visibility Everyone My Colleagues My Team My Manager Only Me
Planning for Privacy Social tagging will be culturally disruptive Need to plan and decide
Who can social tag/bookmark? Define an acceptable use policy
What happens when the employee leaves? Security trimming of tags
Pluggable architecture allows definition of rules and back ends (new in June 2011 CU)
Define how to handle non-SharePoint and external sites Only Indexed sites can be trimmed out-of-the-box
Activity feed repercussions
Planning for Privacy You will need to proactively plan for privacy Key stakeholders are HR, Legal, IT and Business Drivers Top Issues for My Site deployment
Picture usage Activity feed Custom Fields
Further Planning (Technical) What will your logical architecture design look like? Plan Container Selection Plan Sync Filters Plan for Scale Do you need global, distributed My Sites? Do you need multi-lingual My Sites?
Best Practice #9
The AD team will lie to you. So take note.
Best Practice #10
Configure write-back to AD to show a picture of your users in Outlook & Lync.
This requires additional permissions.
Best Practice #11
Once you’ve planned accordingly, only then should you create and
configure your service applications
Configuring the UPA: Pre-reqs
Patches: If SQL Server 2008, SP1 + Cumulative updates
Permissions: Farm account is local admin on SP server [remember to remove
after!] Farm account can log on locally Farm account is administrator for UPA
Other Service Applications: A Managed Metadata SA is installed and configured
Configuring the UPSA
1. From CA, create a new UPA Three databases are created Only once instance of FIM can run on a server
2. IISRESET…or go get coffee3. Start the User Profile Sync Service
A timer job creates the FIM configuration settings
Configuring the User Profile Service Application
demo
Common Issues
Farm account is not local administrator on the machine Timer job will fail You can remove local admin privileges after configuration is
complete Failing to do an IISRESET after starting the User
Profile Service Do an IISRESET and try again
User Profile Sync Account needs permissions in AD: Replicate Directory Changes Write Permissions (if you write back)
Creating a Sync Connection Use a dedicated account for synchronization
Does not need to be the farm account! Needs permissions to Active Directory
Replicate Directory Changes For write-back to AD (for example for the user’s photo), use
granular permissions thumbnailPhoto attribute
Each connection needs to be configured separately AD, LDAP, BCS, other sources
You’ll need to create a schedule for each source For AD, full import once; incremental Daily For BCS, only full imports are available
Best Practice #12
Use a Dedicated Service Account for Sync
Apply Filters to a Connection
Filters enable you to synchronize a subset of the users
You can only reduce the set (never expand it) Edit Connection Filters
Best Practice #13
To filter out disabled accounts, setuserAccountControl (Bit on equals) 2
Recap: Key Points Want Better User Adoption?
User Profiles enable an broad set of features Planning
You should must do it Profile Synchronization
Get your permissions right If sync to AD isn’t working, AD permissions are likely the
problem BCS does not allow write-back Got filters? Go get coffee. Use FIM for complex filters – but there’s no going back Sync on dedicated SQL for performance
What We Covered User Profile Feature Overview
Profiles & Properties My Sites Social Computing Features
Review Core Components Services Service Applications Databases Timer Jobs
Planning & Provisioning Required set of pre-planning activities GUI-based provisioning of UPA
Resources
Sessions SPC407: Enterprise Deployment Considerations for the User
Profile Applications (Wed 1:45) SPC3994: Upgrading User Profiles and My Sites from
SharePoint 2007 to SharePoint 2010 (Thu noon)
Spence Harbar’s Blog (www.harbar.net) White Paper
“Planning and Deploying SharePoint Server 2010 User Profiles for My Site Web Sites”
Thank You!
Blog: www.scottjamison.com
Twitter: @sjam
Thank you to Spence! harbar.net @harbars
anaheim, ca
october
3–6 t h
2011
Conference 2011