User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon
description
Transcript of User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon
![Page 1: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/1.jpg)
User Profile Synchronization ServiceTips and Troubleshooting
![Page 2: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/2.jpg)
Paul Papanek Stork
• Principal SharePoint Architect for BlueChip Consulting Group• http://www.bluechip-llc.com
• Contributing Author• Developer’s Guide to WSS 3.0• MOSS 2007 Best Practices
• Author • MCTS: WSS 3.0 Configuration Study Guide (70-631)• Pro SharePoint 2010 Development for Office 365
• Contact Information• Email: [email protected]• Blog: http://dontPaPanic.com/blog• Twitter: @PStork
![Page 3: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/3.jpg)
Agenda
• User Profile Sync in 2010• User Profile Sync Changes in 2013• AD Profile Sync versus AD Import in 2013• Preparation for User Profile Sync• Starting User Profile Sync & Troubleshooting• Importing Additional Information
![Page 4: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/4.jpg)
Profile Service Application Architecture
Related Services
Web
Fro
nt E
nd
User Profile Service
ProfileSynchronization
ServiceInstance
Profile ServiceInstance
SearchIndexing Tags and Security Trimming
Enterprise MetadataTagging and Profile Properties
WFE talks to the service and SQL,
maintains Front-end cache
Mid-tier cache, optimized for most-used profiles, 256 Mb default (good
for 500k users on average)
Social Data Sync
Profiles
![Page 5: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/5.jpg)
User Profile Service Databases
• Profile database – used to store user profile information.
• Synchronization database – used to store configuration and staging information for synchronizing profile data.
• Social tagging database – used to store social tags and notes created by users.
• User Information Table – Synchronized with User Profile (stores information like user display name for each site collection)
![Page 6: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/6.jpg)
User Profile Timer JobsName Description Timing
Activity Feed Cleanup Cleans up pre-computed activities that are used in activity feeds that are older than 14 days. This job does not affect the User Profile Change Log.
Daily at 3 AM
Activity Feed Pre-computes activities to be shown in user activity feeds. HourlyAudience Compilation Computes memberships of defined audiences. Weekly, Sat at 1 AMMy Site Suggestions Email Sends e-mail messages that contain colleague and keyword suggestions
to people who do not update their profile often, prompting them to update their profiles.
Monthly, 15th at 10 PM
Social Data Maintenance Aggregates social tags and ratings and cleans the social data change log.
Hourly, 30 min after
Social Rating Synchronization Synchronize rating values between Social Database and Content database
Change Cleanup Job Cleans up data that is 14 days old from User Profile Change Log. Daily at 10 PMChange Job Processes changes to user profiles Hourly, on the hourIncremental Synchronization Synchronizes user, group and group membership changes between the
User Profile Application and specified directory sourceDaily at 1 AM
Language Synchronization Job Looks for new language pack installations and makes sure that strings that related to the user profile service are localized correctly.
Every minute
SharePoint Full Synchronization Synchronizes user information from the user profile application to SharePoint users and synchronizes site memberships from SharePoint to the user profile application.
Hourly, on the hour
SharePoint Quick Synchronization Synchronizes user information from the user profile application to SharePoint users who were recently added to a site.
Every 5 minutes
My Site Cleanup Job When a user is deleted, sends an e-mail message to the manager containing a request to the manager to move any documents or data that the manager wants to preserve, because the site might be deleted in the future.
Hourly, on the hour
System Job to Manage User Profile Synchronization
Manages provisioning, run steps and additional tasks related to User Profile Synchronization. (Note: Don’t Change Timing)
Every minute
![Page 7: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/7.jpg)
Changes in SharePoint 2013
• Re-Introduction of AD Import• Faster Synchronization for Full Synch• Synchronization with multiple directory services
• Active Directory Domain Services (AD DS) 2003 SP2 and above• Sun Java System Directory Server version 5.2• Novell eDirectory version 8.7.3• IBM Tivoli version 5.2
![Page 8: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/8.jpg)
Active Directory Import
• Faster than user Profile Sync.• No bidirectional synchronization• Limited to a single Active Directory forest.• Allows only one farm-wide property mapping.• Fewer properties synced by default than AD Sync
• FirstName, LastName, Department, SPS-JobTitle, Office, PreferredName, SPS-Department, Title, WorkEmail, WorkPhone
![Page 9: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/9.jpg)
Configure AD Import (2013)
![Page 10: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/10.jpg)
Important CUs and SPs
• Oct 2010 CU – fix for Central Admin SSL issue• Dec 2010 CU – breaks Netbios domain support• Feb 2011 CU – fix for Netbios domain support• Service Pack 1 – major improvements to User Profile
Sync, but don’t use it without a later CU• June 2011 CU or August 2011 CU – should be
installed after Service Pack 1 • Feb 2012 CU – improved stored procedures for
maintenance of SyncDB
![Page 11: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/11.jpg)
Prestart Checklist
• Don’t Run the Farm Config Wizard!• If SQL is an Instance or FQDN
• Create a SQL Alias
• Install SP1 and August 2011 Cumulative Update• Verify Account Permissions
• See the Next Slide
• Does AD Netbios Domain Name match FQDN?• Example Acme ≠ Acmeman.dev• Additional Permissions required• $upsa = Get-SPServiceApplication –Id User-Profile-App-GUID
$upsa.NetBIOSDomainNamesEnabled=1 $upsa.Update()
![Page 12: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/12.jpg)
Security Rights for User Profile Sync
• UPS Service Identity (Farm Account)• Must run as Farm Account• Local Admin during Provisioning• Log on Locally • Note: Reboot after changing Farm Account rights
• Synchronization Connection Account • Replicating Directory Changes on the Domain• Netbios name ≠ FQDN name
• Replicating Directory Changes on Configuration Partition
• Member of Pre-Windows 2000 Compatible Access• For Export Only – Create Child Objects and Write Access to OUs
![Page 13: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/13.jpg)
Check Pre-requisites
![Page 14: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/14.jpg)
Starting User Profile Sync
• Provision the User Profile Service Application through Central Admin
• Start the User Profile Service in Services on Server• Reboot the Server• Start the User Profile Sync in Services on Server
![Page 15: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/15.jpg)
Common Issues
• SharePoint Farm account isn’t a Local Admin • Add the Farm Account to Local Admin and reboot
• Creating User Profile Service App using Powershell• Sync DB schema is incorrect
• Running Central Administration over SSL• Fixed in October 2010 CU
• Timeouts when configuring Sync Connections• Use PowerShell to slowly increase timeouts until it works
![Page 16: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/16.jpg)
Troubleshooting
1. Re-Verify original Checklist
2. Watch provisioning with ULSViewer
![Page 17: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/17.jpg)
Monitoring UPS provisioning in ULS
![Page 18: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/18.jpg)
Troubleshooting
1. Re-Verify original Checklist
2. Watch provisioning with ULSViewer
3. View Sync run with Forefront Identity Manager
C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
![Page 19: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/19.jpg)
Watch Sync with MIISclient.exe
![Page 20: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/20.jpg)
Troubleshooting
1. Re-Verify original Checklist
2. Watch provisioning with ULSViewer
3. Check Event Viewer for Errors
4. View Sync run with Forefront Identity Manager
C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
![Page 21: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/21.jpg)
What Not to Do
• Don’t modify the FIM service settings in Windows Services
• Don’t try to use something other than the FARM account
• Don’t modify FIM settings using MIISClient.exe• Don’t worry about the warning in Health Check about
not running other services under the Farm Account
![Page 22: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/22.jpg)
Configure User Profile Sync
![Page 23: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/23.jpg)
Importing Groups
• Used for Audiences and to calculate MySite Memberships List
• Has no effect on which users are imported• Has no effect on which users are displayed in People
Picker
![Page 24: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/24.jpg)
Importing Additional User Data
• Must have a primary sync with a Directory service• Create a BCS external content type
• ECT must use a Login identifier as Key
• Configure a BCS sync Connection• Can Sync either a Single Valued or Multi Valued
Property, but not Multiple records
![Page 25: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/25.jpg)
Import Properties via BDC
![Page 26: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/26.jpg)
Additional Resources
• Configure profile synchronization (SharePoint Server 2010) - Technethttp://technet.microsoft.com/en-us/library/ee721049.aspx
• Troubleshooting User Profile Sync Issues on SharePoint 2010 – Steve Chenhttp://blogs.technet.com/b/steve_chen/archive/2010/10/13/troubleshooting-user-profile-sync-issues-on-sharepoint-2010.aspx
• Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization- Spence Harbarhttp://www.harbar.net/articles/sp2010ups.aspx
![Page 27: User Profile Synchronization Service: Tips and Troubleshooting by Paul Stork - SPTechCon](https://reader035.fdocuments.in/reader035/viewer/2022081507/55511db4b4c905b1138b5163/html5/thumbnails/27.jpg)
Questions?Please Fill Out Your Evals!!!
Paper in the Back of the room
- OR -
Use the Event Board “App”
Contact Information
Email: [email protected]
Blog: http://dontPaPanic.com/blog
Twitter: @PStork