Leveraging User Profiles and My Sites in SharePoint 2010 and 2013 Beatrice Baciu - Architect Derek Cash-Peterson - Practice Director
http://thebookofsharepoint.blogspot.com/ @BeatriceBaciu @spdcp http://spdcp.com
The Challenge
- Centralize all profile data
- Searching profile data
- Integrate with other systems of record
Most of our clients wanted to centralize information about their users, and the notion of an employee directory often came up. How do we find something in this place? One of the challenges was always the integration: how do we tie this central 'repository' to user-specific data?
Agenda
- How does the user profile service work?
- The benefits of the user profile service.
- How does the user profile relate to MySites?
- Configuring user profile service
- Ways to develop against the user profile service in 2010 & 2013
As we built this talk, we asked ourselves: what do we want you, the listeners, to take away from this session? That is how we came up with this agenda. We will discuss the benefits of the UPS by showing you a real-life example; we have noticed that developers don't jump at the opportunity of working with the UPS, especially because it's finicky. We will show how the UPS could be used in a real-life scenario in conjunction with MySites. Even if it is more unorthodox, it is something we want to share with you to give you an idea of how to play with these components.
What We Are Not Talking About
- Enterprise Social
- Tagging/Notes
- Basic configuration of User Profile Service
How Does the User Profile Service Work?
[Diagram labels: External System, FIM, SharePoint BCS, User Profile Service Application, Active Directory, Direct Active Directory Import, C#]
Benefits of the User Profile Service
- Allows centralized location for all user properties
- Aggregation of user properties regardless of source
- Out-of-the-box storage of links to user MySites
- Individual MySite provides individual location to manage and store documents, links, etc.
- Easy consumption of data in code
1. Centralized location for all user properties, regardless of source: AD, custom membership provider databases
2. Aggregation of user properties regardless of source: Department may come from AD but Hobbies may come from a database, on the same user profile
3. Out-of-the-box site directory for user MySites
4. My Site gives a particular organization a per-user location to manage and store documents, links, etc.
5. Automatic update of above site directory
6. Easy consumption of data in code: Server API/PS, CSOM, REST
How does the user profile relate to MySites
- There is a link to the user's MySite in the User Profile
- MySite provides user with an interface to edit profile data
- MySite provides an individual repository for users that is security trimmed
- Aggregation of all user profile properties in one source
Link in UPS to MySites; a timer job updates the UPS after site creation. MySite provides profile management by the user. Individual repository for the user, security trimmed. You can have UPS without MySites but you can't have MySites without the UPS. To configure MySites you only need to have the UPS configured. User Profiles are automatically created when a user creates their MySite.
User Profile Service Demo
Configuration with ADFS and a custom database
- Identity claim NOT AD account name
- Claim user identifier
- Domain user account
- Use AD/ADFS as primary sync connection
- Use BCS to import additional profile properties
- Use property mapping to aggregate the User Profile
  - mail <-> Claim User Identifier for OOB properties (AD-like) –ADFS mail <-> Work Email
  - Work Email <-> LowerUserName from database (primary key)
  - new props mapped to BDC columns
- If using SPD, the primary key will be used as the identifier; modify the BDCM file yourself and use a unique logical key (e.g. LoweredUserName)
- Troubleshooting: consider restarting the Sync service (connections are not available anymore)
- Consider restarting the timer job (various sync issues)
Recap
- Use AD/ADFS as primary sync connection
- Use BCS to import additional profile properties
- Use property mapping to aggregate the User Profile
- If using SPD, the primary key will be used as the identifier; modify the BDCM file yourself and use a unique logical key
- Permissions in BDC
Troubleshooting
- Connections disappear: consider restarting the User Profile Synchronization Service
- Random sync issues: consider restarting the SharePoint Timer Service
When a MySite gets created, the user profile gets created if it is not there.
Limitations
- BDC cannot be the primary sync connection
- Duplicate profiles
- Once sync connection is deleted, profiles need to be purged via PS
- Mapping two AD attributes to the same SharePoint property is not supported
BDC cannot be the primary sync connection, just an addition of mapped properties to existing user profiles imported via AD/ADFS. The double profile issue requires mapping of the account name property (if both AD and ADFS, in case of migrations).
User Profile Service in Farm-level scenario
Design Approach
- Educational institution
- Needed a web application to allow teachers to see information about their students as well as report progress and grades
- Created a SP 2010 based solution leveraging MySites as a central repository of data for each student
- Students don't have access to the MySite
- Easy way to create unique sites as new students come on board and easy structure for archiving
- Consolidation of student data from UPS and external Student Information System in central repository
Coding with the User Profile Service in SharePoint 2010
Coding with the User Profile Service in SharePoint 2013
User Profile Service Data Access via REST
GET
- All current user properties: http://siteurl/_api/SP.UserProfiles.PeopleManager/GetPropertiesFor(accountName=@v)?@v='domain\username'
- Specific property of current user: http://siteurl/_api/SP.UserProfiles.PeopleManager/GetMyProperties?$select=PictureUrl,AccountName
- All properties for a specific user: http://siteurl/_api/SP.UserProfiles.PeopleManager/GetPropertiesFor(accountName=@v)?@v='domain\username'
- Specific property for a specific user: http://siteurl/_api/SP.UserProfiles.PeopleManager/GetUserProfilePropertyFor(accountName=@v,propertyName='LastName')?@v='domain\username'
User Profile Service Data Access via REST
POST
- Provision user MySite: http://siteurl/_api/SP.UserProfiles.ProfileLoader.GetProfileLoader/GetUserProfile/CreatePersonalSiteEnqueue
- Set current user's profile picture: http://siteurl/_api/SP.UserProfiles.PeopleManager/SetMyProfilePicture
NOTES
- Changing user's profile properties is not implemented in REST or CSOM (the same holds for JSOM)
- Deletion of user profiles is not implemented in REST or CSOM (the same holds for JSOM)
- o365 authentication uses account names like @v='i:0%23.f|membership|user@siteurl.onmicrosoft.com'
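The GET endpoints and the Office 365 account-name note above both depend on the account name reaching the server intact, and the values that come back are user-editable profile data. The following is an added example, not code from the original slides: it builds the `@v` alias safely and encodes returned values before they are placed in HTML. The helper names and the sample response are constructed for illustration.

```javascript
// Added example: helper names are hypothetical, not part of the SharePoint API.
var PEOPLE_MANAGER = "/_api/SP.UserProfiles.PeopleManager/";

// Encode an account name as the OData string literal bound to the @v alias.
// Quotes are doubled (OData escaping), then the value is URL-encoded so that
// '\', '|' and '#' survive transport ('#' would otherwise start a fragment).
function odataLiteral(value) {
  return "'" + encodeURIComponent(String(value).replace(/'/g, "''")) + "'";
}

// Build the GET URL for all properties, or one property, of a given user.
function buildProfileUrl(siteUrl, accountName, propertyName) {
  var base = siteUrl.replace(/\/+$/, "") + PEOPLE_MANAGER;
  if (propertyName === undefined) {
    return base + "GetPropertiesFor(accountName=@v)?@v=" + odataLiteral(accountName);
  }
  // Property names are identifiers: reject anything else instead of escaping.
  if (!/^[A-Za-z][A-Za-z0-9_-]*$/.test(propertyName)) {
    throw new Error("Unexpected profile property name: " + propertyName);
  }
  return base + "GetUserProfilePropertyFor(accountName=@v,propertyName='" +
    propertyName + "')?@v=" + odataLiteral(accountName);
}

// Flatten the odata=verbose Key/Value list into a plain lookup object.
function flattenProfile(response) {
  var map = Object.create(null);
  response.d.UserProfileProperties.results.forEach(function (p) {
    map[p.Key] = p.Value;
  });
  return map;
}

// Profile values are user-editable, so encode them before building HTML.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, function (c) {
    return "&#" + c.charCodeAt(0) + ";";
  });
}

// Constructed sample response (not captured from a real farm).
var sampleResponse = { d: { UserProfileProperties: { results: [
  { Key: "Department", Value: "R&D <b>Lab</b>" },
  { Key: "FirstName", Value: "Beatrice" }
] } } };
```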
User Profile Service Data Access via REST
    var inputParameters = {
        "props": {
            "__metadata": { "type": "SP.UserProfiles.GetUserProfilePropertyFor" },
            // The backslash must be escaped: "\b" on its own is a backspace character.
            "accountName": "demo\\bbaciu",
            "propertyName": ["FirstName"]
        }
    };
    // The request digest protects POST requests against cross-site request forgery.
    var requestHeaders = {
        "Accept": "application/json;odata=verbose",
        "X-RequestDigest": jQuery("#__REQUESTDIGEST").val()
    };
    jQuery.ajax({
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/SP.UserProfiles.PeopleManager/GetUserProfilePropertyFor",
        type: "POST",
        data: JSON.stringify(inputParameters),
        contentType: "application/json;odata=verbose",
        headers: requestHeaders,
        success: function (data) {
            // read property
        },
        error: function (jqxr, errorCode, errorThrown) {
            // handle error
        }
    });
User Profile Service Data Access via CSOM
    // Run getUserProperties once SP.UserProfiles.js has loaded.
    SP.SOD.executeOrDelayUntilScriptLoaded(getUserProperties, 'SP.UserProfiles.js');

    var personProperties;

    function getUserProperties() {
        var targetUser = "domainName\\username";
        var clientContext = SP.ClientContext.get_current();
        var peopleManager = new SP.UserProfiles.PeopleManager(clientContext);
        personProperties = peopleManager.getPropertiesFor(targetUser);
        clientContext.load(personProperties);
        clientContext.executeQueryAsync(onRequestSuccess, onRequestFail);
    }

    function onRequestSuccess() {
        // We distinguish between user properties and user profile properties.
        var messageText = " \"DisplayName\" property is " + personProperties.get_displayName();
        messageText += "<br />\"Department\" property is " + personProperties.get_userProfileProperties()['Department'];
        // The slide ends here. These values are user-editable, so HTML-encode them before writing messageText to the page.
    }

    function onRequestFail(sender, args) {
        // Not shown on the slide; defined here because it is passed to executeQueryAsync above.
        console.log("Request failed: " + args.get_message());
    }
Recap
- How the user profile service works.
- The benefits of the user profile service.
- How does the user profile relate to MySites?
- Configuring user profile service
- Ways to develop against the user profile service in 2010 & 2013
Thank You! Beatrice Baciu @BeatriceBaciu http://thebookofsharepoint.blogspot.com/ Derek Cash-Peterson @spdcp http://www.spdcp.com BlueMetal Architects www.bluemetal.com Blog.bluemetal.com @bluemetalinc