I first introduced Service Applications and User Profile
Service Synchronization back when SharePoint 2010 was in beta, and as many
of you who attempted this feat will have come to realize, there were a
couple of known issues, in particular those around utilizing a least
privilege model with service accounts.
I’m confident in stating that these issues have now been resolved in
RTM, and in today’s article I will share with you my step by step guide to
setting up the User Profile Service application, focusing on its configuration
and administration and on how we can enable the creation of user profiles via an
Active Directory import.
SharePoint 2010 introduces the notion of “Service Applications”,
which builds upon the “Shared Services Provider (SSP)” introduced in
SharePoint 2007. Service Applications are individual services that can be
configured independently and shared across sites within your farm, and some
service applications can also be shared across farms.
The individual service applications provided with SharePoint
2010 are as follows:
· Access Services
· Business Data Connectivity
· Document Conversion
· Excel Services
· Managed Metadata Service
· PerformancePoint
· Search Service
· Secure Store
· State Service
· Visio Graphics Service
· User Profile Service
This article will build upon our initial SharePoint 2010
install utilizing the least privilege model which I have documented here, so check it out if you haven’t already done so.
Managed Metadata Service
The User Profile Service requires that the Managed Metadata
Service is set up and configured before you attempt to set up your first
User Profile Service application. The Managed Metadata Service allows you to
utilize managed metadata and provides you with the ability to share content
types across sites. You can read more about Managed Metadata here.
To set up our Managed Metadata Service, navigate to Central
Administration / Application Management / Manage Service Applications.
Click New and select “Managed Metadata Service”.
Enter the following details:
Name: Managed Metadata Service
Database Server: <server_name>
Database Name: Managed Metadata DB
I will utilize the sp_farm account for the Application Pool
Identity.
Click Create.
Lastly, navigate to Central Administration / System Settings /
Manage services on server and start the Managed Metadata Web Service.
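The same provisioning can be scripted. The following is an added example written for this article rather than code from the original post; it mirrors the Central Administration steps above using the SharePoint 2010 Management Shell cmdlets. The SQL Server name, application pool name and database name are placeholders, and the account is the sp_farm account the post chooses (a dedicated managed account would be the stricter least-privilege choice and can be substituted on the `$appPoolAcc` line).

```powershell
# Added example (not from the original post): provision the Managed Metadata
# Service application, its proxy and the local service instance with PowerShell.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$dbServer   = "SQL01"                          # assumed SQL Server name
$appPoolAcc = "DOMAIN\sp_farm"                 # app pool identity the post uses; must be a managed account
$poolName   = "SharePoint - Managed Metadata"  # assumed application pool name
$mmsName    = "Managed Metadata Service"
$mmsDbName  = "ManagedMetadataDB"              # the UI allows spaces; a plain name is easier to script

# Reuse an existing service application pool or create one bound to the managed account.
$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) {
    $acct = Get-SPManagedAccount -Identity $appPoolAcc
    $pool = New-SPServiceApplicationPool -Name $poolName -Account $acct
}

# Create the service application and its proxy; the proxy is what web applications consume.
$mms = Get-SPServiceApplication | Where-Object { $_.Name -eq $mmsName }
if (-not $mms) {
    $mms = New-SPMetadataServiceApplication -Name $mmsName -ApplicationPool $pool `
               -DatabaseServer $dbServer -DatabaseName $mmsDbName
    New-SPMetadataServiceApplicationProxy -Name "$mmsName Proxy" `
        -ServiceApplication $mms -DefaultProxyGroup | Out-Null
}

# Equivalent of "Manage services on server": start the Managed Metadata Web Service here.
$inst = Get-SPServiceInstance -Server $env:COMPUTERNAME |
        Where-Object { $_.TypeName -eq "Managed Metadata Web Service" }
if ($inst.Status -ne "Online") {
    Start-SPServiceInstance -Identity $inst | Out-Null
}
Write-Host ("{0}: {1}" -f $mms.Name, $mms.Status)
```

Run it once; every step checks for an existing object first, so re-running it after a partial failure does not create a duplicate service application or pool.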
User Profile Service
Now that we have successfully configured our Managed Metadata
Service, we can focus our attention on the User Profile Service. The
User Profile Service provides our SharePoint farm with all the social
networking features that we came to love in SharePoint 2007, plus
more. It forms the basis of My Site support, user profile pages,
audiences and some of the newer SharePoint 2010 social computing features,
such as social tagging.
Before we begin, we need to ensure that our Farm account
(DOMAIN\sp_farm) is a member of the local Administrators group on the server
where the User Profile Synchronization (UPS) service will be deployed. Please
make a note to remove DOMAIN\sp_farm from the local Administrators group after
provisioning the User Profile Synchronization service: the membership is only
needed while the service is provisioned, and leaving it in place defeats the
least privilege model we are building on. Please also note that if you ever
have to re-provision the UPS service at a later date, you will need to add
DOMAIN\sp_farm back to the local Administrators group first.
Let’s now navigate to Central Administration / Application
Management / Manage Service Applications.
Click New and select “User Profile Service Application”.
The “Create New User Profile Service Application” window pops up,
in which you will enter the following details (you will obviously enter the
details based on your environment setup):
Name: User Profiles
Create new application pool: SharePoint – User Profiles
Register a new managed account: e.g. DOMAIN\sp_userprofiles (note:
this account will need to be provisioned in Active Directory first)
Enter your Profile Database server details and database
authentication. You will notice that SharePoint 2010 introduces the
ability to configure a Failover Server, which allows you to associate your
SharePoint databases with another SQL Server for failover purposes utilizing
SQL Server database mirroring. We will not specify a Failover
Database Server for any of our databases at present.
Specify your Synchronization Database, which is used to store
configuration and staging data for synchronization of profile data such as that
from Active Directory.
Next, specify your Social Tagging Database, which is used to
store tags and notes that are created by users. Social Tagging is a new
feature in SharePoint 2010; tags are not only displayed against the items that
users are tagging, but also in the user’s activity feed.
Next, select your Profile Synchronization Instance Server.
In the following section, the My Site Host URL, we will not create a My Site
Host now and will leave this for part two of this series.
Click Create.
You should now have the User Profiles service application listed
and started.
We will now venture back into Central Administration / System
Settings / Manage services on server.
Scroll down to the User Profile Service and User Profile
Synchronization Service and start both. The User Profile Service should
start without any further user interaction; however, the User Profile
Synchronization Service will ask for your SharePoint Farm credentials.
Click OK.
Both services should now be listed as started.
This in turn will correctly configure and start the Forefront
Identity Manager (FIM) Windows services.
At this point, it is imperative that you run an IIS reset. Even better, just
reboot the machine.
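The whole provisioning sequence above, including the temporary local Administrators membership for the farm account, can also be done from PowerShell. This is an added example written for this article, not code from the original post; server, database and account names are placeholders. It relies on one object-model call that the Central Administration credential prompt corresponds to, `UserProfileApplication.SetSynchronizationMachine`, which community provisioning scripts use for this step; treat that call, and the 20-minute timeout, as assumptions of the example. Run it in an elevated SharePoint 2010 Management Shell on the server chosen as the Profile Synchronization Instance, as a farm administrator.

```powershell
# Added example (not from the original post): provision the User Profile Service
# application and start both service instances, adding and then removing the farm
# account's local Administrators membership around the provisioning step.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farmAcct   = "DOMAIN\sp_farm"                       # farm account (placeholder)
$farmPwd    = Read-Host "Password for $farmAcct" -AsSecureString
$upsAcct    = "DOMAIN\sp_userprofiles"               # must already exist in Active Directory
$dbServer   = "SQL01"                                # assumed SQL Server name
$poolName   = "SharePoint - User Profiles"
$upaName    = "User Profiles"
$syncServer = Get-SPServer $env:COMPUTERNAME         # the Profile Synchronization Instance server

# 1. The farm account must be a local administrator only while the sync service is provisioned.
$wasAdmin = @(net localgroup Administrators | ForEach-Object { $_.Trim() }) -contains $farmAcct
if (-not $wasAdmin) { net localgroup Administrators $farmAcct /add | Out-Null }

# 2. A dedicated managed account and application pool for the service application.
$managed = Get-SPManagedAccount -Identity $upsAcct -ErrorAction SilentlyContinue
if (-not $managed) { $managed = New-SPManagedAccount -Credential (Get-Credential $upsAcct) }
$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) { $pool = New-SPServiceApplicationPool -Name $poolName -Account $managed }

# 3. The service application with its profile, synchronization and social databases.
#    No failover server and no My Site host are specified, matching the post.
$upa = Get-SPServiceApplication | Where-Object { $_.Name -eq $upaName }
if (-not $upa) {
    $upa = New-SPProfileServiceApplication -Name $upaName -ApplicationPool $pool `
               -ProfileDBServer $dbServer     -ProfileDBName     "UserProfiles_ProfileDB" `
               -ProfileSyncDBServer $dbServer -ProfileSyncDBName "UserProfiles_SyncDB" `
               -SocialDBServer $dbServer      -SocialDBName      "UserProfiles_SocialDB"
    New-SPProfileServiceApplicationProxy -Name "$upaName Proxy" `
        -ServiceApplication $upa -DefaultProxyGroup | Out-Null
}

# 4. Start the User Profile Service, then the Synchronization Service bound to this server.
$upsInst = Get-SPServiceInstance -Server $syncServer |
           Where-Object { $_.TypeName -eq "User Profile Service" }
if ($upsInst.Status -ne "Online") { Start-SPServiceInstance $upsInst | Out-Null }

$syncInst = Get-SPServiceInstance -Server $syncServer |
            Where-Object { $_.TypeName -eq "User Profile Synchronization Service" }
if ($syncInst.Status -ne "Online") {
    # The UI asks for the farm credentials here; the object model needs the same thing.
    $bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($farmPwd)
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $upa.SetSynchronizationMachine($syncServer, $syncInst.Id, $farmAcct, $plain)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)   # do not leave the password in memory
    Start-SPServiceInstance $syncInst | Out-Null

    # Provisioning configures and starts the FIM services; poll until Online or timeout (assumed 20 min).
    $deadline = (Get-Date).AddMinutes(20)
    do {
        Start-Sleep -Seconds 30
        $syncInst = Get-SPServiceInstance -Identity $syncInst.Id
    } until ($syncInst.Status -eq "Online" -or (Get-Date) -gt $deadline)
}
Write-Host "User Profile Synchronization Service: $($syncInst.Status)"

# 5. Drop the temporary privilege once provisioning succeeded, then reset IIS as the post advises.
if ($syncInst.Status -eq "Online") {
    if (-not $wasAdmin) { net localgroup Administrators $farmAcct /delete | Out-Null }
    iisreset /noforce | Out-Null
} else {
    Write-Warning "Sync service is not Online; leaving $farmAcct in Administrators for re-provisioning."
}
```

The script only removes the farm account from the local Administrators group if it added it, and only once the synchronization service reports Online, since a failed provisioning has to be repeated with the membership still in place.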
We will now configure our User Profile connection to our Active
Directory domain.
Navigate to Central Administration / Application Management /
Manage Service Applications.
Click on User Profiles / Manage.
Click on Configure Synchronization Connections / Create New
Connection.
Enter the following details:
Connection Name: (your choice)
Type: Active Directory
Auto discover domain controller or specify a domain controller
Authentication Provider Type: Windows Authentication
Account Name / Password: (this account must have the Replicate Directory
Changes permission on the domain, or the import will fail)
Port: 389
Click on Populate Containers.
Click OK.
Your connection should now be listed as follows upon successful
creation.
We can now easily set up connection filters against our Active
Directory User Profile connection by clicking on the connection that was just
created and selecting “Edit Connection Filters”.
Specify and add any user or group exclusions and then click OK.
Next we will configure the synchronization timer job via Central
Administration / Application Management / Manage Service Applications / User
Profiles / Configure Synchronization Timer Job.
Click Enable.
We will finish off by initiating a full synchronization via
Central Administration / Application Management / Manage Service Applications /
User Profiles / Start Profile Synchronization.
To confirm that the import was a success, the Number of
User Profiles should now equal the number of users in your organization; in
my case I have 269 dummy users in my Active Directory domain. Word of note: this will take
some time and is considerably slower than an Active Directory user profile
import in SharePoint 2007.
You can also venture into Manage User Profiles and search for
users (please note that SharePoint 2010 does not display any users by
default and that you will have to search for them).
Edit a user profile to ensure that all the necessary Active
Directory attributes were successfully imported.
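The connection, filter, timer job, full synchronization and count check above can be scripted as well, which also gives you a reproducible way to compare the profile count against what Active Directory actually holds rather than eyeballing the number. This is an added example written for this article, not code from the original post. It assumes SharePoint 2010 SP1 or later, where the `Add-SPProfileSyncConnection` cmdlet is available; the forest, domain, OU, site URL and account names are placeholders, the disabled-account filter is one of the connection filters the post refers to, and the nightly schedule is an arbitrary choice.

```powershell
# Added example (not from the original post): create the AD synchronization connection,
# enable and schedule the incremental sync timer job, run a full synchronization and
# compare the resulting profile count with the enabled user accounts in the synced OU.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$upaName  = "User Profiles"
$forest   = "corp.example.com"                      # assumed AD forest FQDN
$domain   = "CORP"                                  # assumed NetBIOS domain name
$syncAcct = "sp_profilesync"                        # needs "Replicate Directory Changes" on the domain
$syncPwd  = Read-Host "Password for $domain\$syncAcct" -AsSecureString
$ou       = "OU=Staff,DC=corp,DC=example,DC=com"    # assumed container to synchronize
$siteUrl  = "http://sharepoint"                     # any site whose web app consumes the UPA proxy

$upa = Get-SPServiceApplication | Where-Object { $_.Name -eq $upaName }

# 1. The "Create New Connection" form: Active Directory, Windows authentication, port 389.
#    ConnectionUseDisabledFilter is the "exclude disabled accounts" connection filter.
Add-SPProfileSyncConnection -ProfileServiceApplication $upa `
    -ConnectionForestName $forest -ConnectionDomain $domain `
    -ConnectionUserName $syncAcct -ConnectionPassword $syncPwd `
    -ConnectionSynchronizationOU $ou -ConnectionPort 389 -ConnectionUseDisabledFilter $true

# 2. "Configure Synchronization Timer Job": enable the incremental job and schedule it nightly.
$job = Get-SPTimerJob | Where-Object { $_.DisplayName -like "*User Profile Incremental Synchronization*" }
if ($job) {
    Set-SPTimerJob -Identity $job -Schedule "daily at 01:00:00"
    Enable-SPTimerJob -Identity $job
} else {
    Write-Warning "Incremental synchronization timer job not found; enable it in Central Administration."
}

# 3. "Start Profile Synchronization" with a full import, then wait for it to finish.
$ctx = Get-SPServiceContext -Site (Get-SPSite $siteUrl)
$ucm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($ctx)
$ucm.StartSynchronization($true)                    # $true = full synchronization, not incremental
do { Start-Sleep -Seconds 60 } while ($ucm.IsSynchronizationRunning())

# 4. Compare the profile count with the enabled user objects under the synced OU.
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ctx)
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]("LDAP://" + $ou)
# userAccountControl bit 2 (ACCOUNTDISABLE) excluded, matching the disabled-account filter above
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$searcher.PageSize = 1000
$adCount = $searcher.FindAll().Count

Write-Host ("Profiles in SharePoint: {0}   Enabled users in {1}: {2}" -f $upm.Count, $ou, $adCount)
if ($upm.Count -lt $adCount) {
    Write-Warning "Fewer profiles than AD users: check the connection filters and that $domain\$syncAcct has Replicate Directory Changes."
}
```

The LDAP count is a sanity check, not an exact match: the profile store can contain profiles for accounts outside the OU (for example service accounts that have visited a site), so a count that is higher than the AD figure is not by itself a problem, while a lower count points at a filter or a permission issue.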
We have now successfully completed a User Profile
Synchronization, which will form the basis for our users’ happy SharePointing!!