How to setup/configure user profile service SharePoint 2010
step by step
Today I test on my lab install user profile services on SharePoint 2010 . I test user profile services for SharePoint 2010 before go to configure at customer site .
A user profile is a collection of properties that describes a SharePoint user.Features such as My Sites and People Search use user profiles to provide a rich, personalized experience for the users in your organization.You can create user profiles by importing data from directory services, such as Active Directory Domain Services (AD DS).
You can augment user profiles by importing data from business systems, such as SAP or Microsoft SQL Server.If users update their profiles in Microsoft SharePoint Server 2010, you can write the modified data back to directory services.The process of importing profile data from external systems and writing data back to these systems is called profile synchronization.
You can augment user profiles by importing data from business systems, such as SAP or Microsoft SQL Server.If users update their profiles in Microsoft SharePoint Server 2010, you can write the modified data back to directory services.The process of importing profile data from external systems and writing data back to these systems is called profile synchronization.
My lab environment.
1 server AD 2008 R2
1 server sharepoint2010 Sp2 (system account = contoso\spadmin)
1 SQL Server 2008 R2
I recommend update to SharePoint 2010 SP2 ; Service patch 2 fix bugs on User profile services. In my experience SharePoint2010 SP it bad for user profile service it any problem for me.
In my lab Account system account(contoso\spadmin) for SharePoint is permission member user domain not member domain admins group in active directory . But add spadmin member administrator local group.
On my lab I run services user profile service same account install sharepoint it call system account . (contoso\spadmin)
On step configure User Profile Service SharePoint2010.
Before setup user profile service in sharepoint 2010 , Please check account permission on active directory for Synchronization .
If you have member domain user(spadmin) , Follow this below but your account is member domain admin it skip for this step.
To grant Replicate Directory Changes permission on a domain
1. On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
1. On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
3. On the first page of the Delegation of Control Wizard, click Next.
4. On the Users or Groups page, click Add.
5. Type the name of the synchronization account (contoso\spadmin), and then click OK.
6. Click Next.
7. On the Tasks to Delegate page, select create a custom task to delegate, and then click Next.
7. On the Tasks to Delegate page, select create a custom task to delegate, and then click Next.
8. On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
9. On the Permissions page, in the Permissions box, Select Replicating Directory Changes (select Replicate Directory Changes on Windows Server 2003), and then click Next.
10. Click Finish.
Done grant permission .
1. Go to Central Administration > Application Management > Manage Service Applications.
Click New on left menu and select “User Profile Service Application”
2. Name: User Profile Service Application
Create new application pool: User Profile Service Application Pool
Configurable account: contoso\spadmin
When you create a User Profile service application, SharePoint Server creates three databases for storing user profile information and associated data:
Profile database – used to store user profile information.Synchronization database – used to store configuration and staging information for synchronizing profile data from external sources such as the Active Directory Domain Services (AD DS).Social tagging database – used to store social tags and notes created by users. Each social tag and note is associated with a profile ID.
On database :
Profile database : Profile DB
Synchronization database: Sync DB
Social tagging database : Socail DB
Server database is detect on SQL Server install SharePoint2010.
Click OK and wait for create services successful .
3. Central Administration >Manage service on server.
Click Start services User profile Synchronization services and page redirect to step(4.)
4. Select the user profile application : choose your name it create on (1) ” User Profile Service Application” and select on your account on register (2) it show contoso\spadmin and fill your password.
5. Open services.msc windows server and monitor service name waiting for service to start
Note : You don’t have click start on manual this service below is service automatic start.
1. Forefront Identity Manager service2. Forefront Identity Manager Synchronization servicescheck two services it started.
and monitor service on sharepoint manage service.
Check services User profile Synchronization services is started. (F5 for refresh webpage )
Wait ten minute for User profile Synchronization services start .
In fact ; User profile Synchronization services on SharePoint it first started and then Forefront Identity Manager service / Forefront Identity Manager Synchronization services is started .
6. Come back to Central Administration > Application Management > Manage Service Applications > Click on service User Profile Service Application
7. Now you have centraladmin page setup User Profile Service Application
8. Click on Configure Synchronization connection > create new
Connection name : Synchronization domain contoso for SharePoint2010
Type : Active Directory
Connection Settings :
Forrest name : contoso.com
Authentication Provider Type: Windows Authentication
Account name : contoso\spadmin
Password : password your account spadmin
Port : 389 it port default LDAP it not change
Click on Populate Containers
It show structure on active directory , Check box on OU will Synchronization user . > OK
9. Click on link Start Profile Synchronization
If you have something error Error MOSS MA not found SharePoint 2010.
10. Waiting for Synchronization .
You can monitor to import user form Active Directory to SharePoint in UNC path
C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
If you have many user on active directory Please wait for Synchronization .
In my case : Synchronization 7000 people it have time start to end I waiting 30-40 minute ,
11. Check on status on your right hand . If show idle is that mean finish.
12. You can check account and data in sharepoint . Go to Manage User Profile
Fill you name account test : contoso\spadmin
Click dop-down on account and edit
You have information such as e-mail , First name , Last name , Full name or another property is one-way data Synchronization form Active directory to SharePoint .
13. Default Synchronization Time job setup scheduled 1 am for Incremental Synchronization .
14. Done
Have a nice day .
No comments:
Post a Comment