harbar.net component based software & platform hygiene
User Profiles

This category includes posts related to SharePoint Server 2010 User Profiles, and User Profile Synchronization capabilities.
 

European Collaboration Summit follow up: Tutorial Scripts and Identity Manager Demos

Many thanks to everyone who attended the European Collaboration Summit in Mainz, Germany, last month. It’s safe to say that the event overall was a runaway success and yes, we have already started planning for the 2019 edition! At the event, I promised to publish some additional resources. These are a little later than I had hoped but with a new job and a variety of “more important” things on a rather large to-do list, the delay was inevitable. At any rate, this post serves as a landing page for these resources....

Using PowerShell to import Profile Photos when using Active Directory Import and SharePoint Server 2013/2016/2019

One of the most common requests I have received over the last couple years has been how to leverage PowerShell to get User Photos from Active Directory (or any other location really) into the SharePoint User Profile Store. With the removal of User Profile Synchronization (UPS) in SharePoint 2016 this need has increased significantly. For most mid market customers this is a key requirement, and implementing Microsoft Identity Manager (MIM) for this purpose is not practical. I did spend a whole bunch of time before the release of SharePoint 2016 attempting to convince the powers that be, that Active...

Configuring a Partitioned UPA in SharePoint 2016 with Active Directory Import

Introduction: For about a year now I’ve been plagued by people asking me how to configure a partitioned User Profile Application (UPA) in SharePoint Server 2016, and perform successful profile import using Active Directory Import (ADI). Every few weeks someone asks for the configuration, and it basically got to the point where it made sense to post this article to which I can refer folks. Now, I am not going to provide all up coverage here. I expect you to be familiar with the fundamental concepts of SharePoint Multi-Tenancy. You can head over to my other articles here...

User Profile Photo Import from thumbnailPhoto using MIM and the SharePoint Connector

When leveraging Microsoft Identity Manager (MIM) and the SharePoint Connector for User Profile Synchronization, some customers have a requirement to import profile pictures from the thumbnailPhoto attribute in Active Directory. This post details the correct way of dealing with this scenario, whilst retaining the principle of least privilege. The configuration that follows is appropriate for all of the following deployments: SharePoint 2016, MIM 2016, and the MIM 2016 SharePoint Connector; SharePoint 2013, MIM 2016, and the MIM 2016 SharePoint Connector; SharePoint 2013, FIM 2010 R2 SP1 and...

Microsoft Identity Manager 2016 Service Pack 1 is now available!

Today, Microsoft released Service Pack 1 for Microsoft Identity Manager 2016 (MIM). This is an extremely important release for SharePoint practitioners who are looking to leverage MIM for User Profile Synchronization with SharePoint Server 2016. This Service Pack provides a significantly streamlined deployment process – no more hotfix rollups (well, for the time being :)). This is important for those leveraging simply the Synchronization Service, but also for those working with declarative provisioning using the MIM Portal and Service – SharePoint Server 2016 support is also included, as is support for SQL Server 2016. Service Pack 1 can...

Enabling multiple OUs and avoiding credential touch up with the MIMSync “toolset” for SharePoint Server 2016

As many of you are aware there is a “toolset” published on GitHub which provides one way to get up and running using Microsoft Identity Manager 2016 (MIM) for profile synchronization with Active Directory. This Windows PowerShell Module and exported MA configurations basically provision a base capability more or less akin to what shipped with SharePoint 2013’s User Profile Synchronization capability. I’m not much of a fan of this Module or its approach. Seriously, if a customer is going down the road of implementing MIM they better be sure they have the right skills in place – and right...

Important Update for SharePoint folks: Hotfix Rollup for Microsoft Identity Manager 2016

Back in the middle of March, Microsoft released a Hotfix Rollup for Microsoft Identity Manager 2016 (MIM). This hotfix rollup is version 4.3.2195.0. This is an extremely important build for those leveraging MIM for profile synchronization with SharePoint Server 2016. You can get the bits over at KB313475. There are numerous articles out there suggesting that you should install build 4.3.2064.0. Don’t! 4.3.2195 is the fix package you need. Make this part of your base build of the MIM Sync server. However, if you already have MIM Sync setup and you want to apply this patch, make sure...

Da Big Daddy: SharePoint Conference 2014

[Updated 19/02 with session timeslots and an additional session] Vegas, March, 10,000 SharePoint people. What could possibly go wrong?! The big daddy is back, SharePoint Conference 2014 promises to be another great event, and I am once again happy to be speaking at the biggest SharePoint conference on the planet. I get asked a lot about which conferences are worth the money and so on, and of course being the official show, and with the associated travel and accommodation expenses SPC is often in the “requires justification” bucket. Seriously there is no debate, it’s worth it. If you...

Default Active Directory Import User Profile Property Mappings in SharePoint Server 2013

When using the Active Directory Import (ADI) mode of the SharePoint 2013 User Profile Service, you may be wondering what the default Profile Property Mappings are. Whilst the capability is neat, the use of a shared UI with User Profile Synchronization (UPS) leaves a *lot* to be desired. Manage User Properties won’t display the mapped attributes, as you can see from the example below. The highlighted rows are some of the properties which are mapped by default. Similarly when we edit a property, the Edit User Profile Property page does not display the mapped attribute: ...

Quick and dirty test results: Active Directory Import versus User Profile Synchronization

One of the most common questions I get regarding the Active Directory Import mode in the SharePoint 2013 User Profile Service is "just how quick is it?" As previously detailed Active Directory Import (ADI) is very fast, especially in comparison to User Profile Synchronization (UPS). But saying it is quick doesn't really mean anything. Each time I present on the topic, the question comes up, "do you have any numbers". Sadly it's still early, too early, to provide real, solid proven numbers across a range of deployments. In lieu of such appropriate data I put together a very quick and...

A quick note on User Profile Synchronization in SharePoint Server 2013 Preview

I will be posting an update to my UPS guide for SharePoint Server 2013 Preview in the near future. I had long planned to update it with better writing and more up to date details anyway. However, as I’ve already received a bucket load of questions on this, I wanted to post a quick note to hopefully stem the flow a little bit. When I say UPS, I mean the User Profile Synchronization service instance. The wrapper for FIM along with its configuration UI in Central Administration (which is part of the UPA). This is distinct from the...

First Look: SharePoint Server 2013 Active Directory Import

SharePoint Server 2013’s User Profile Service Application includes a “new” method for performing an import of user attributes from Active Directory into the SharePoint Profile store called Active Directory Import. You may also hear or see this referred to as “AD Direct Mode” in pre-release materials. This method provides numerous advantages over the Forefront Identity Manager based approach (which is still available, more on that at a later date) for certain common scenarios. This article provides an introductory overview of the feature and why it might be useful in your deployments. Please note that this article applies to...

User Profile Service Application Sync Database Maintenance with the February 2012 Cumulative Update

Since the release of SharePoint Server 2010, the maintenance of the User Profile Service Application (UPA) Sync DB has been extremely problematic. I’m not talking about “standard” database maintenance tasks here, you know those routine tasks you should be performing on your environment but that seldom are implemented by those running operational service :). This is all about the Sync DB retaining data that it shouldn’t. There is quite a lot of confusion out there surrounding this topic in general and it has certainly hit a lot of customers, hard. The fundamental issue stems from the choice of the...

Mirroring the Profile and Social databases *IS* 100% supported

A small but significant follow up to my UPA session at the SharePoint Conference in Anaheim last month: yesterday we pushed out an update to the Database types and descriptions article on TechNet to finally detail that synchronous mirroring of the Social database IS 100% supported. As already detailed in this document, the Profile database already supported synchronous mirroring. That leaves the Sync database, which if you were paying attention in the session we really don’t care about in terms of “HA” or “DR”. Not perfect by a long shot but you can now officially...

Scripts from my SharePoint Conference Sessions

As promised during my sessions at the SharePoint Conference in Anaheim last week, here are the Windows PowerShell scripts demonstrated. Please note that these scripts are direct copies of those on my Virtual Machines. You *will* need to tweak them for use on your environments, and remember they are authored for the purposes of demonstration! If you wish to take pieces of them to use in a real deployment, they will need some work. The scripts are provided as is, without any warranties! You know the score. SPC407: Enterprise Deployment Considerations for the User Profile Service Application. ...

SharePoint Pod Show: MCM, Top 3 mistakes, and User Profile Sync discussion

Was chatting to my buddy Rob Foster recently and he was slagging me off for not pointing to the SharePoint Pod Show we recently recorded. So here for your listening pleasure (ahem!) is a discussion about the MCM program, some classic mistakes for SharePoint deployments and even a little bit of cricket! SharePoint MCM, Top 3 mistakes, and User Profile Sync discussion with Spencer Harbar - Episode 63.

Managing Sync Connections with *-SPProfileSyncConnection cmdlets in Service Pack 1

One of the most common conversations I have with customers, partners and random SharePoint consultants is around the creation of SharePoint Server 2010 User Profile Synchronization Connections. These guys are the key link, or connection string if you will between the User Profile Service Application (UPA) and the connected directory services. A very common complaint is the inability to automate their creation using Windows PowerShell. The good news is that Service Pack 1 (SP1) introduces a couple of new cmdlets which help in this regard. This post looks at these cmdlets and also details why they might not be all...

User Profile Synchronization Service changes in the June 2011 Cumulative Updates

One of the most common complaints about the User Profile Synchronization service in SharePoint Server 2010 is the time it takes to perform synchronization runs or “sync” for short. This is due to a number of factors not least of which is that by leveraging Forefront Identity Manager (FIM) SharePoint now effectively includes a metadirectory. This is a good thing. However if you are just doing import then there is a huge increase in the time it takes over previous versions which were simply performing an ADSI query and inserting the results into a database. It’s very important to...

It’s all about relevance. The *-SPProfileLeader Windows PowerShell cmdlets in SharePoint Server 2010 SP1

You may have noticed a few new Windows PowerShell cmdlets included with SharePoint Server 2010 Service Pack 1 (SP1), Get-SPProfileLeader, Add-SPProfileLeader & Remove-SPProfileLeader. These cmdlets are causing a little bit of confusion, so this short post explains them and the problem they are intended to address. First up, they have absolutely nothing whatsoever to do with Organizational Profiles. The term “leader” here is somewhat misleading (no pun intended!). What this is all about is User Profiles and People Search Relevance. One of the key pieces of data that SharePoint Server Search uses to drive relevance in people...

Changes to Social Computing features in SharePoint Server 2010 Service Pack 1

One of the best new feature areas of SharePoint Server 2010 was the social computing capabilities delivered by the User Profile Service (UPA). Tags, Ratings, Activities as well as enhancements to the My Sites infrastructure allow enterprises to deliver rich “social” applications with the out of the box capabilities. Furthermore by using these features as building blocks a new class of composite social applications has become possible, enabling the enterprise to leverage social computing for both business benefit and end user happiness. Of course, as with many aspects of SharePoint 2010, with great power comes the need for responsibility...

Creating User Profile Synchronization Exclusion Filters using the userAccountControl attribute

Planning and implementing Exclusion Filters for SharePoint Server 2010 User Profile Synchronization (UPS) is without doubt one of the most important aspects of any UPS deployment. By making use of Exclusion Filters we can narrow down the objects we sync with. Exclusion Filters reduce the amount of “junk” in the Profile database and can significantly decrease the time taken to perform synchronization runs. I will be posting more about Exclusion Filters in general soon, but for this post I will concentrate on the most commonly used filter – that of the userAccountControl attribute in Active Directory. This is by...

Article: SharePoint Server 2010 User Profile Synchronization with Novell eDirectory 8.8 SP6

It’s been brought to my attention recently that you all love the User Profile Synchronization service instance in SharePoint Server 2010! :). So much so in fact, that one of the most common requests I get is for more articles on this topic, and in particular details on syncing with directory systems other than Active Directory. There is very little documentation about syncing with Novell eDirectory. Unfortunately at present TechNet only provides cursory information regarding permissions, and the early White Paper is extremely weak. Neither provides the necessary details to get it running. This article will walk through the steps needed to...

Account Deletion and SharePoint 2010 User Profile Synchronization

Recently I’ve been asked a number of times about what happens to accounts deleted from Active Directory with respect to SharePoint 2010 User Profiles, and the User Profile Synchronization service instance. Unfortunately this pretty much isn’t documented at all, and furthermore there is quite a lot of incorrect information and assumptions about this area. There is plenty on how SharePoint 2007 handled things of course, but as regular readers (all two of them) will know, things are mighty different in 2010. The good news is that things are pretty straightforward and this post will walk through the important details. Let’s take...

Avoiding the Default Schema issue when creating the User Profile Service Application using Windows PowerShell

As you may already be aware there is a bug when creating the User Profile Service Application (UPA) using Windows PowerShell. This bug prevents the provisioning of the User Profile Synchronization service instance (UPS). In a nutshell, when using Windows PowerShell to create a UPA the Default Schema of the Farm Account on the Sync DB is set incorrectly, and this will lead to an error during provisioning of the UPS later. The following error will be logged to the Application Event Log: “IF EXISTS (SELECT * FROM sys.xml_schema_collections c, sys.schemas s WHERE c.schema_id =...

Article: “Stuck on Starting”: Common Issues with SharePoint Server 2010 User Profile Synchronization

Back about a week after RTM of SharePoint 2010 I published my Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization. This was actually written up long before RTM and was doing the rounds among a circle of SharePoint “insiders”. I then tweaked it for RTM and pushed it out immediately after the SharePoint Evolutions Conference, where I had demoed live the steps. Amazingly, this article has already been viewed over 260,000 times! An incredible response. Of course the Microsoft documentation in this area is weak at present, and UPS is what you could call a “rough edge” of...

SharePoint 2010 User Profile Sync & Reboots

Since I published my article, Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization, I’ve been deluged with email on the topic. All good, it shows me that I chose the right content to post, and that the content has relevance. However one key aspect keeps coming up over and over again both in these emails and on IM etc. Lots of people after attempting to provision the UPS Service from Services on Server, need to reboot the server before the service is provisioned correctly. If you are running the UPS Service instance on the machine hosting Central Administration, you MUST...

Article: Rational Guide to Implementing SharePoint Server 2010 User Profile Synchronization

There's a ton of stuff out there on User Profile Sync in SharePoint Server 2010. Some of it’s good, some of it’s frankly terrible. TechNet has some of the best material, but unfortunately TechNet’s format restrictions are counter-intuitive. Therefore this article presents an end to end, “rational guide” to setting this up. There are a couple of contentious setup requirements in here. I may discuss those in more depth later. For now, the following steps are required. Don’t try and work around them, UPS will break. The following is the least privilege you can get away with. This article will also be...