Wrangling The User Profile Service James Grizzle Senior Consultant – Cardinal Solutions
General Information • Tweet it Out!! • Hashtagfor this event: #SPSDayton • Follow us: @SPSDayton • Include your presenters • Check out SPTV • Tweets will display throughout the day on the screens. • Footage will be shown at http://mysp.tv
Overview • Setting up the User Profile Service • Debugging the UPS (and sync) • Advanced UPS Features and Customizations
Assumptions • No Farm Config Wizard • Using Active Directory • Domain Accounts • NetBIOS name is the same as the FQDN • Users in AD
Permissions • Farm Account • Log on Locally (Set first) • Administrator (Only during Provisioning) • Sync Account • Replicating Directory Changes Permissions • Content Access Account • User Profile Service Account
Errors • Add NETWORK-SERVICE to WSS_WPG group
Plan Sync • Plan Profile Properties • Plan OUs to Sync • Plan Sync Connection Filters • Sync Back?
Advanced Sync Topics • Map custom AD attributes • User Profile sub-types • Create advanced profile import filters • Multiple And / OR • CANNOT GO BACK TO CA UI!!!! • FIM • Global Audiences
Diagnosing Common Issues • FIM • 99% of the time, permissions are the issue • Farm Account must be local admin during the sync • Farm Account must have “Allow Log on Locally” • Sync Account needs “Replicating Directory Changes” permission in AD • IISRESET, Logon / Logoff, and Restart SharePoint Timer Service before starting the UPSA • IISRESET after starting the UPSA
Sync Issues – Domain Permissions • FIM • Status – Stopped-connectivity • Connection Status – Failed search • Replicating Directory Changes Permissions
Tips • Add a link to the User Profile Service and Search Service on the resources list on the homepage and on possibly the Top Link bar • Install SP1 and the August 2011 CU at least • April CU refresh offers even better UPS goodies
Gotchas • Oct 2011 CU breaks profile photos. • Sync Database size • Fixed in April CU (be careful of the version of April CU since it was rescinded by Microsoft – new v .5006) • Also can be handled by deleting the Sync DB and reprovisioning UPA. • Remember the Sync DB is only a staging environment • Keep the social and profile DBs! • Politics • Who owns the identities, does the data come from multiple teams, how will the connections work, if you do write-back, who becomes the authoritative source?
Resources • Rational Guide to implementing UPS http://www.harbar.net/articles/sp2010ups.aspx • Stuck on Starting – Common Sync Issues http://www.harbar.net/articles/sp2010ups2.aspx • Creating User Profile Sync Filters http://www.harbar.net/archive/2011/02/22/323.aspx • Mapping User Profile Properties to LDAP attributes http://blogs.msdn.com/b/tehnoonr/archive/2010/11/22/mapping-user-profile-properties-in-sharepoint-2010-to-ldap-attributes.aspx • User Profile Sub Types https://www.nothingbutsharepoint.com/sites/eusp/Pages/Applied-SharePoint-2010-Governance-Part-3-User-Profile-Sub-Types.aspx
Questions and Evals… • Fill out your evaluations to receive • Parking Pass • SPS Dayton T-Shirt
Brixx Ice Co. 500 East First St., Dayton
SharePoint Saturday Dayton has been made possible because of generous sponsorship from the following friends…