best practices a round sharepoint 2010 user profiles l.
Skip this Video
Loading SlideShow in 5 Seconds..
Best Practices A round SharePoint 2010 User Profiles PowerPoint Presentation
Download Presentation
Best Practices A round SharePoint 2010 User Profiles

Loading in 2 Seconds...

play fullscreen
1 / 66

Best Practices A round SharePoint 2010 User Profiles - PowerPoint PPT Presentation

  • Uploaded on

SPC310 . Best Practices A round SharePoint 2010 User Profiles. Scott Jamison Chief Architect Jornata LLC. Meet Scott Jamison. Chief Architect at Jornata (booth 650) SharePoint partner with Gold Competency in Portals & Collab Formerly a Director at Microsoft SharePoint MVP

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

Best Practices A round SharePoint 2010 User Profiles

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
best practices a round sharepoint 2010 user profiles


Best Practices AroundSharePoint 2010 User Profiles

Scott Jamison

Chief Architect

Jornata LLC


Meet Scott Jamison

  • Chief Architect at Jornata (booth 650)
    • SharePoint partner with Gold Competency in Portals & Collab
    • Formerly a Director at Microsoft
  • SharePoint MVP
  • Microsoft Certified Master
  • Author:
    • Essential SharePoint 2007
    • Essential SharePoint 2010
    • Five whitepapers on SharePoint 2010
  • Blog:
  • Twitter:@sjam
what we will cover
What We Will Cover
  • User Profile Feature Overview [100 level]
    • Profiles & Properties
    • My Sites
    • Social Computing Features
  • Review Core Components [200 level]
    • Services
    • Service Applications
    • Databases
    • Timer Jobs
  • Planning & Provisioning [300 level]
    • Required set of pre-planning activities
    • GUI-based provisioning of UPA
what i won t cover 400 level
What I Won’t Cover [400 level]
  • PowerShell provisioning
  • UPRE
  • Global my sites
  • High scale
  • Go to “Part II” – Spencer Harbar’ssession (tomorrow)
  • SPC407: Enterprise Deployment Considerations for the User Profile Applications
user profiles and social computing
User Profiles and Social Computing
  • Key Feature: Business collaboration and social computing
  • A “Social Identity” is the cornerstone of all user-centric and social capabilities
what a social identity enables
What a Social Identity Enables
  • Providing a social identity enables the users of your solution to:
    • Gather insight into other users based on their social network, such as informing them about what the people they know are doing
    • Provide social feedback in the form of ratings, comments, and tags
    • Find an ‘expert’ – a mechanism that provides a way for users to locate a person within the organization based on profile attributes
    • Provide an accurate organization chart so that users know the reporting structure
    • Display items such as human resources news, based on the user’s organization and business role within the company
    • Show a picture of your users in Outlook via the social connector
user profile social features
User Profiles


About me

Additional Profile Properties

Personal Content

“My site”

Social Data

Tags, Comments, & Ratings

Activity Feed

User Profile & Social Features
user profiles my sites social features
User Profiles & My Sites & Social Features
  • User profiles are rendered using single pages:
    • Public profile:
      • http://<mysiteurl>/<mysitehost>/person.aspx
    • Newsfeed
      • http://<mysiteurl>/<mysitehost>/default.aspx
  • Personal sites are individual site collections rendered at:
      • http://<mysiteurl>/<mysitehost>/<useraccount>/default.aspx
  • Personal Sites are optional
    • You can have profiles without my sites
    • You cannot have my sites without profiles
  • Social Features can be enabled/disabled
    • Rely on the user having a profile
Best Practice #1

You don’t have to enable personal sites if you just want people search and social computing.

Best Practice #2

Put your my site host on its own web application.

Best Practice #3

Do not pre-create a personal site for everyone.

It’s a waste of resources. They’ll already have a profile.

my sites

My Sites


Scott Jamison

Chief Architect


social networking
Social Networking
  • Key Goal: Provide a means for social interaction
  • Why? Enables Users to:
    • Provide status updates
    • Interact with other users via noteboards (aka “the wall”)
    • View stories via Activity feeds
    • Discuss stuff via discussion boards
    • Discover people (“colleagues”)
social networking15

Track your colleagues

Better, more readable “newsfeed”

Add additional colleagues



Note board

Colleague addition

Keywords suggestions

Profile Updates

Alerts to update profile

Status message

Social Networking
social feedback
What is Feedback?

Social Tags

Notes and Ratings

Applies to any URL, inside or outside of SharePoint

How does it help?

Categorize, annotate, promote

Help retrieval of relevant links

Primary mechanism for promoting documents and web pages to the newsfeed

Social Feedback
  • Tag anything
    • Documents
    • Items
    • Pages
    • Profiles
    • Things outside SharePoint
  • How to tag
    • I like it
    • Tags & Notes
    • Keyword column
  • Visibility
    • Tags & Notes
    • Tag Cloud
    • Tag Profiles
Best Practice #4

Encourage users to observe and use the existing tags. It maintains consistency.

tag profile
Tag Profile
  • Tag Profile
    • Every tag has one
  • Subscribe
    • Follow tag in my newsfeed
    • Shows in My Interests
  • Add to “Ask me about” in My Profile
  • View people who are following this tag
    • People Search
  • FAST Search
    • Doesn’t Index Social Tags
    • “There are no available items tagged with”
Best Practice #5

Enable Metadata Keyword Social Promotion

  • Rate your content
    • 0-5 Stars
    • Can enable/disable per list
Best Practice #6

Ratings are overrated.

Use with caution.

activity feeds

My Site

Feed Web part

Atom 2.0 feed



Activities I consume


My activities (that others consume)

Activity Feeds
Best Practice #7

Enable the Activity Feed Timer Job.

Change the schedule to suit your needs.

RTM: disabled by default

SP1: enabled by default

Default schedule is Hourly.

making use of social features
Making Use of Social Features
  • Find an Expert
    • People Search
    • Ask me about
  • Tag Subscription
    • Get updates on tags of interest
  • ActivityFeeds
    • Follow
    • Be followed
  • SearchRelevance
    • Tags
core components
Core Components
  • User Profile Service Application
  • User Profile Services
  • Databases
  • Timer Jobs
  • Synchronization*
    • Forefront Identity Manager
profile services
Profile Services
  • User Profile Service Application
    • Container for configuration settings
    • Can be more than one (but only associated with a single synchronization service)
  • User Profile Service
    • SharePoint Service (service on server)
  • User Profile Synchronization Service
    • SharePoint Service (service on server)
    • Provisions Forefront Identity Manager
    • Associated with one User Profile Service Application
user profile service application dependencies
User Profile Service Application: Dependencies
  • Managed Metadata Service
    • Need this for certain user profile properties
    • Need this for Tags to work
  • Search Service
    • People Search
    • Tag Profile Page
  • Business Connectivity Services
    • Synchronizing profile properties from LOB systems
    • Read-only (no write-back)
user profile service application databases
User Profile Service Application: Databases
  • Social Database
    • Tags
    • Comments
    • Ratings
  • User Profile Database
    • Profile properties
    • Consolidated Activity Feed
    • Comments
  • Sync Database
    • Staging data (FIM)

Social Data







Profile Service


user profile service application timer jobs
User Profile Service Application: Timer Jobs
  • User Profile Service provisions 13 Timer Jobs
  • Consider the default schedule against your business needs
how activity feeds work
Activity timer job gathers data

“Activity Feed Job”

Hourly schedule

Activity Feed Cleanup Job

Cleans up activities older than 14 days

Daily schedule

Activity Feed API

Consume user feeds

Insert activities into newsfeeds

How Activity Feeds Work
activity feed architecture
Activity feed architecture

Activity Feed

  • User can define what they see in the activity feed (through user profile page)
  • Customer gathers can provide external data to the activity feed
  • Activity feed can be surfaced through search (people)

Activity Feed - User profile DB

Custom Timer Job

Activity Timer Job

Custom gatherer

Profile and social gatherers

Social database

Change log - User profile DB

how ratings work
How Ratings Work
  • Stored in Social Database
  • Timer Jobs
    • “Social Data Maintenance”
    • “Activity Feed”
    • “Social Ratings Sync”
      • Proxy
      • Sync to content database
  • Average rating calculated
how tagging works
How Tagging Works
  • Tags stored in Social database
  • Requires Managed Metadata Service
  • Timer Jobs:
    • Social Data Maintenance
      • Hourly
  • “I Like it” – just another tag
  • Visible in tags and Notes dialog and also on My Site
how my sites work
How My Sites Work
  • Pages
    • Public profile (person.aspx)
    • Newsfeed (default.aspx)
  • My Site Content
    • site collection + Content DB
  • My Site Host
    • Site collection
  • Trusted My Site Locations
    • Distributed Hosting
    • Audience-driven
  • Timer Jobs
    • My Site Cleanup
      • Notifies manager when a user My Site is deleted
how synchronization works
How Synchronization Works

User Profile Service

  • Multiples Sources
    • AD
    • LDAP
    • BCS
  • Forefront Identity Manager (FIM)
  • Timer Jobs
    • User Profile Incremental Import Job







Business Connectivity





  • Forefront Identity Manager
  • ‘Light’ version bundled with MSS
  • Client great for troubleshooting Sync
  • Use for complex filters
    • Which cannot be expressed in CA

The FIM Client is located at C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe

Best Practice #8

Step away from the keyboard.

Take time to plan.

planning business goals
Planning (Business Goals)
  • Clarify your business goals
    • Why are we doing this?
    • How does it align with our business goals?
  • Plan Capabilities - What features will be enabled?
    • User Profiles
    • Personal Sites
    • Social
  • Plan User Permissions
    • Who will be allowed to use this?
  • Plan Profile properties
    • This will take longer than you think.
  • You’ll Need To:
    • Work with HR
    • Work with ILM team
    • Work with AD team
  • Which properties should be mandatory?
    • Account name, department..etc.
  • Which properties should be visible to everyone?
    • Non-sensitive information
  • Which properties can be changed by users?
    • Phone number, preferred name..etc.
planning for privacy
Social tagging

Culturally disruptive?


Who can social tag/bookmark?

What happens when the employee leaves?

Activity feeds

What’s visible?

Person Pictures

Federal requirements?

Planning for Privacy
plan for governance
Plan For Governance
  • Governance is very important for user profiles
  • You need to train users and decide:
    • When are users supposed to put content into their personal site?
    • How are users supposed to use the tagging rating features?
    • How often should users update their profile
    • What should “About Me” say?
    • Can users put any picture they want into their profile?
policies and privacy settings
Policies and Privacy Settings
  • Policies
    • Enabled, Required, Optional, Disabled
    • User Override
    • Replicable
  • Privacy and Visibility
    • Everyone
    • My Colleagues
    • My Team
    • My Manager
    • Only Me
planning for privacy48
Planning for Privacy
  • Social tagging will be culturally disruptive
  • Need to plan and decide
    • Who can social tag/bookmark?
      • Define an acceptable use policy
    • What happens when the employee leaves?
    • Security trimming of tags
      • Pluggable architecture allows definition of rules and back ends (new in June 2011 CU)
      • Define how to handle non-SharePoint and external sites
      • Only Indexed sites can be trimmed out-of-the-box
    • Activity feed repercussions
planning for privacy49
Planning for Privacy
  • You will need to proactively plan for privacy
  • Key stakeholders are HR, Legal, IT and Business Drivers
  • Top Issues for My Site deployment
    • Picture usage
    • Activity feed
    • Custom Fields
further planning technical
Further Planning (Technical)
  • What will your logical architecture design look like?
  • Plan Container Selection
  • Plan Sync Filters
  • Plan for Scale
  • Do you need global, distributed My Sites?
  • Do you need multi-lingual My Sites?
Best Practice #9

The AD team will lie to you. So take note.

Best Practice #10

Configure write-back to AD to show a picture of your users in Outlook & Lync.

This requires additional permissions.

Best Practice #11

Once you’ve planned accordingly,

only then should you create and

configure your service applications

configuring the upa pre reqs
Configuring the UPA: Pre-reqs
  • Patches:
    • If SQL Server 2008, SP1 + Cumulative updates
  • Permissions:
    • Farm account is local admin on SP server [remember to remove after!]
    • Farm account can log on locally
    • Farm account is administrator for UPA
  • Other Service Applications:
    • A Managed Metadata SA is installed and configured
configuring the upsa
Configuring the UPSA
  • From CA, create a new UPA
    • Three databases are created
    • Only once instance of FIM can run on a server
  • IISRESET…or go get coffee
  • Start the User Profile Sync Service
    • A timer job creates the FIM configuration settings
common issues
Common Issues
  • Farm account is not local administrator on the machine
    • Timer job will fail
    • You can remove local admin privileges after configuration is complete
  • Failing to do an IISRESET after starting the User Profile Service
    • Do an IISRESET and try again
  • User Profile Sync Account needs permissions in AD:
    • Replicate Directory Changes
    • Write Permissions (if you write back)
creating a sync connection
Creating a Sync Connection
  • Use a dedicated account for synchronization
    • Does not need to be the farm account!
    • Needs permissions to Active Directory
      • Replicate Directory Changes
    • For write-back to AD (for example for the user’s photo), use granular permissions
      • thumbnailPhoto attribute
  • Each connection needs to be configured separately
    • AD, LDAP, BCS, other sources
  • You’ll need to create a schedule for each source
    • For AD, full import once; incremental Daily
    • For BCS, only full imports are available
Best Practice #12

Use a Dedicated Service Account for Sync

apply filters to a connection
Apply Filters to a Connection
  • Filters enable you to synchronize a subset of the users
  • You can only reduce the set (never expand it)
  • Edit Connection Filters
Best Practice #13

To filter out disabled accounts, set

userAccountControl (Bit on equals) 2

recap key points
Recap: Key Points
  • Want Better User Adoption?
    • User Profiles enable an broad set of features
  • Planning
    • You shouldmust do it
  • Profile Synchronization
    • Get your permissions right
    • If sync to AD isn’t working, AD permissions are likely the problem
    • BCS does not allow write-back
    • Got filters? Go get coffee.
    • Use FIM for complex filters – but there’s no going back
    • Sync on dedicated SQL for performance
what we covered
What We Covered
  • User Profile Feature Overview
    • Profiles & Properties
    • My Sites
    • Social Computing Features
  • Review Core Components
    • Services
    • Service Applications
    • Databases
    • Timer Jobs
  • Planning & Provisioning
    • Required set of pre-planning activities
    • GUI-based provisioning of UPA
  • Sessions
        • SPC407: Enterprise Deployment Considerations for the User Profile Applications (Wed 1:45)
        • SPC3994: Upgrading User Profiles and My Sites from SharePoint 2007 to SharePoint 2010 (Thu noon)
      • Spence Harbar’s Blog (
  • White Paper
    • “Planning and Deploying SharePoint Server 2010 User Profiles for My Site Web Sites”

Thank You!

  • Blog:
  • Twitter:@sjam
  • Thank you to Spence!
    • @harbars