Presentation on theme: "SharePoint Saturday Dayton, Ohio June 30, 2012 Wrangling The User Profile Service James Grizzle Senior Consultant – Cardinal Solutions."— Presentation transcript:
SharePoint Saturday Dayton, Ohio June 30, 2012 Wrangling The User Profile Service James Grizzle Senior Consultant – Cardinal Solutions
General Information Tweet it Out!! – Hashtag for this event: #SPSDayton – Follow us: @SPSDayton – Include your presenters Check out SPTV – Tweets will display throughout the day on the screens. – Footage will be shown at http://mysp.tv
Overview Setting up the User Profile Service Debugging the UPS (and sync) Advanced UPS Features and Customizations
Assumptions – No Farm Config Wizard – Using Active Directory – Domain Accounts – NetBIOS name is the same as the FQDN – Users in AD
Permissions Farm Account – Log on Locally (Set first) – Administrator (Only during Provisioning) Sync Account – Replicating Directory Changes Permissions Content Access Account User Profile Service Account
Plan Sync Plan Profile Properties Plan OUs to Sync Plan Sync Connection Filters Sync Back?
AD to SharePoint Property Mapping Property Display Name Property Name Value Custom Prop Custom AD Prop Mapped To (AD Property) Originally Mapped To Shows on Profile Page Replicable to Sites Corp ID YesNoemployeeID Yes NamePreferredNameNo cndisplayNameYes Work phoneWorkPhoneNoYesotherTelephone telephoneNumb er Yes Fax No facsimileTelephone Number Yes Address YesNostreetAddress No Building YesNoStreet No City YesNol State YesNost No Zip Code YesNopostalCode No Division YesNodivision Yes
Advanced Sync Topics Map custom AD attributes User Profile sub-types Create advanced profile import filters – Multiple And / OR – CANNOT GO BACK TO CA UI!!!! FIM Global Audiences
Diagnosing Common Issues FIM 99% of the time, permissions are the issue – Farm Account must be local admin during the sync – Farm Account must have “Allow Log on Locally” – Sync Account needs “Replicating Directory Changes” permission in AD IISRESET, Logon / Logoff, and Restart SharePoint Timer Service before starting the UPSA IISRESET after starting the UPSA
FIM Status – Stopped- connectivity Connection Status – Failed search Replicating Directory Changes Permissions Sync Issues – Domain Permissions
Tips Add a link to the User Profile Service and Search Service on the resources list on the homepage and on possibly the Top Link bar Install SP1 and the August 2011 CU at least – April CU refresh offers even better UPS goodies
Gotchas Oct 2011 CU breaks profile photos. Sync Database size – Fixed in April CU (be careful of the version of April CU since it was rescinded by Microsoft – new v.5006) – Also can be handled by deleting the Sync DB and reprovisioning UPA. Remember the Sync DB is only a staging environment Keep the social and profile DBs! Politics – Who owns the identities, does the data come from multiple teams, how will the connections work, if you do write-back, who becomes the authoritative source?
Resources Rational Guide to implementing UPS http://www.harbar.net/articles/sp2010ups.aspx Stuck on Starting – Common Sync Issues http://www.harbar.net/articles/sp2010ups2.aspx Creating User Profile Sync Filters http://www.harbar.net/archive/2011/02/22/323.aspx Mapping User Profile Properties to LDAP attributes http://blogs.msdn.com/b/tehnoonr/archive/2010/11/22 /mapping-user-profile-properties-in-sharepoint-2010- to-ldap-attributes.aspx User Profile Sub Types https://www.nothingbutsharepoint.com/sites/eusp/Page s/Applied-SharePoint-2010-Governance-Part-3-User- Profile-Sub-Types.aspx
Questions and Evals… Fill out your evaluations to receive – Parking Pass – SPS Dayton T-Shirt