Post on 18-Jun-2020
Making Peace with the User Profile Service
Todd Klindt & Shane Young
Rackspace
Who is this Todd guy?
• WSS MVP since 2006
• Speaker, writer, consultant, Aquarius, President of Shane Young fan club
• Personal Blog www.toddklindt.com/blog
• Company web site www.sharepoint911.com
• E-mail todd.klindt@rackspace.com
• Twitter me! @toddklindt
• Glad Shane doesn’t sign my paychecks
Who Am I?
• Shane Young
• SharePoint911, a Rackspace Company
• Microsoft Office SharePoint Server MVP
• Consultant, Trainer, Writer, & Speaker
• Shane.Young@Rackspace.com
• Blog
• http://msmvps.com/shane
• SharePoint Consulting
• http://www.sharepoint911.com
• http://twitter.com/shanescows
• Secretly has a crush on Todd.
Session Agenda
• What it does and why you need it
• Steps for normal setup (Single domain)
• Demo
• Random insights
Why do I even care?
• The User Profile Service has several roles
• Controls the My Sites on your farm
• Provides user profiles
• Can be updated by user
• Can be augmented with info from AD or other LOB stores
• Can write back to those stores
• This is where the pain is
Easy part
• Create a User Profile Service Application
• Create a web application to host my sites
• Create a my site host site collection
• Change default database names
• They have spaces and that is just silly.
• Start User Profile Service
Hard part
• Configure profile synchronization
• Best place to start?
• Microsoft TechNet Article
• http://technet.microsoft.com/en-us/library/ee721049.aspx
• Read it and follow ALL OF THE STEPS and you will be in a really good place.
Getting Ready - Permissions
• Farm account – Needs:
• To be local admin on the server you are starting the user profile synchronization service on when it’s being provisioned
• Log on locally right
• Check GPOs
• Profile Sync Account – Read Access Needs:
• Replicate Directory Changes permission on the domain that you will synchronize with.
• If the domain controller is running Windows Server 2003, the synchronization account must be a member of the Pre-Windows 2000 Compatible Access built-in group.
• If the NetBIOS name of the domain differs from the domain name, the synchronization account must have Replicate Directory Changes permission on the cn=configuration container.
Quick Steps • Make sure your farm account has all those super permissions
• If you had to update your farm account permissions reboot now and save yourself the headache
• Start the User Profile synchronization service, yes it will take 5 to 10 minutes to start the service
• Do an iisreset
• Go to manage your user profile service application
• Click on Configure Synchronization Connections
• Create a new connection to your domain
• Fill in all the info and then select what OUs you want to import and click OK
• From the manage profile service screen click on Start Profile Synchronization
• Cross your fingers and be patient. It takes a while
Demo
• Todd show them the magic!
Things to ponder
• Spence Harbar has some guidance that is a good read
• http://www.harbar.net/articles/sp2010ups.aspx
• Service Pack 1 and June 2011 CU are a must
• Most of the SharePoint 2010 Cumulative Updates have some fixes
• Handy troubleshooting tool for more info
• C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
• If you ever restore the UPS Service Application you do not restore the synchronization database
Blatant links to Todd’s blog
• SharePoint aware backups may break UPS
• http://www.toddklindt.com/BackupBreaksUPS
• How to have the UPS but prevent MySites
• http://www.toddklindt.com/PreventMySites
• Import user pictures from Active Directory
• http://www.toddklindt.com/ProfilePictoAD
• Rebuild the UPA without losing profile information
• http://www.toddklindt.com/RebuildUPA
SharePoint911
SharePoint911 was established in 2004 to draw on Shane Young’s extensive experience with systems administration and with consulting for clients on SharePoint issues. Over the past several years, SharePoint911 has expanded and evolved. While
our ability to respond quickly to specific needs makes us unique, we also offer comprehensive consulting services. Not
only do we have extensive, real world experience, but our consultants also teach, write about, and speak on various
SharePoint topics.
We truly are “The SharePoint Authority.”
http://www.sharepoint911.com
Thanks
Please fill out your evaluations
And turn yourself around
Thanks
Please fill out your evaluations
And turn yourself around
1
6
RACKSPACE® HOSTING | 5000 WALZEM ROAD | SAN ANTONIO, TX 78218
US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM
RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN TH E UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM