1 internalDeploying the SharePoint User Profile Service

Deploying the SharePoint User Profile Service

Pitfalls & best practices

Andries den HaanAugust 2012

SharePoint is the center of the universe

3 internalDeploying the SharePoint User Profile Service

SharePoint is the center of the universe

The User Profile Service provides a full set of

social features for SharePoint Server 2010

• Social tagging and commenting

• extensible activity feed

• maintains current user information

• multiple sources

• sets user context:

• organization Browser

• status

• recent activity

• common relationships

• expertise, ask me about.

4 internalDeploying the SharePoint User Profile Service

COMMUNITIES

SITES

CONTENTINSIGHTS

SEARCH

COMPOSITES

But deploying the User Profile Service can be a

bit cumbersome to say the least

• The User Profile Service (UPA) is a complex part of SharePoint with

many subcomponents and (internal) references and dependencies

• the amount of deployment pitfalls may drive you crazy

• customers want it really bad, because it’s the “Social” component

• so there’s no way to run or hide!

5 internalDeploying the SharePoint User Profile Service

Let’s take a deep dive and explore the UPA step

by step

6 internalDeploying the SharePoint User Profile Service

Let’s take a deep dive and

explore the UPA step by step

Agenda

Architecture & components

Some interesting anomalies

Common deployment pitfalls

Putting it all into practice

A final word of advice

Some practical references

7 internalDeploying the SharePoint User Profile Service

The architecture for the UPA is a bit different

from other SharePoint Server 2010 components

8 internalDeploying the SharePoint User Profile Service

Profile DB Sync DBSocial DB

Related Service Applications

Search

Managed Metadata

User Profile ServiceSharePoint Service Instance

.Net Assemblies

SharePoint ContentApplication Pool DOMAIN\SPContentAppPool

http://portal (Web application)

User Profile Service Application Proxy

SharePoint Web Services DefaultApplication Pool DOMAIN\SPWebServicesAppPool

User ProfileServiceApplication

User Profile Synchronisation ServiceSharePoint Service Instance

Windows ServicesDOMAIN\SPFarmAccount

Forefront Identity Manager Synchronisation

Forefront Identity Manager

DirectoryService

Some interesting anomalies might indicate that

the UPA suffered from release pressure

Naming just a few to get you all warmed up:

• Some parts of the UP have direct Profile database access

• FIM is only required for writing back to AD

(issue for import-only scenarios solved in “15)

• SharePoint Server 2010 RTM was bundled with a FIM version

lower then Release Candidate 1 (fixed in CU June 2011)

• database schema bugs during service application creation

• alternate service account permissions during provisioning

• re-provisioning of the UPA after deploying updates

• after a server restart, the UPS service instance is stopped.

9 internalDeploying the SharePoint User Profile Service

Some common deployment pitfalls:

It’s SharePoint! What could go wrong?

With incorrect settings, provisioning will still start

(up to 15 times), but will always fail:

• the service account (Farm account) needs Local Administrator

permissions, but only during provisioning

• the Active Directory synchronization account requires “Replicate

directory Changes” permissions in the domain in order to

successfully import user profile data

• database bugs when using PowerShell: the default schema for the

Farm Account in the Synchronization database is set incorrectly

• import performance is slow (fixed in CU June 2011)

• co-existence with .Net Framework 4.0 (manual fixes).

10 internalDeploying the SharePoint User Profile Service

Putting it all into practice to successfully

perform the User Profile Service deployment

We’ll take a step-by-step approach:

• setting the correct permissions upfront

• using Windows PowerShell magic to create the Service Application

and sync connections

• monitoring UPA provisioning using the ULS viewer and checking

that FIM services are properly configured and started

• reviewing active directory import activities through the FIM client.

11 internalDeploying the SharePoint User Profile Service

Een beheersingsplan voorziet in de juiste

spelregels en richtlijnen

12 internalDeploying the SharePoint User Profile Service

A final word of advice:Never use the Farm Configuration Wizard!

Some practical references that will help you on

the road to success and infinite glory

Configure profile synchronization (SharePoint Server 2010)http://technet.microsoft.com/en-us/library/ee721049.aspx

ULS Viewerhttp://www.microsoft.com/en-us/download/details.aspx?id=21101

Spencer Harbar’s rational Guidehttp://www.harbar.net/articles/sp2010ups.aspx

“Stuck on Starting”http://www.harbar.net/articles/sp2010ups2.aspx

13 internalDeploying the SharePoint User Profile Service

Connect | Share | Discover

Would you like to know more?

andries.denhaan@kpn.com