Saturday, December 31, 2011

How to: Configure "My Sites" in Sharepoint 2010

Hi all,

In this blog post, I am going to walk through configuring "My Sites" and its intricacies. If we are able to successfully configure User Profile Service Application, "My Sites" would be much simpler.  Lets get started.

Step1:
Add user details in AD
In my previous blog posts, I have added 3 users just for the demonstration purposes. These are user details:
 
User
Job title
Manager
Aman Shukla
SharePoint Designer
Ishan Shukla
Aroh Shukla
SharePoint Developer
Ishan Shukla
Ishan Shukla
CEO
Manages 2 users

We have to navigate to the Active Directory Users and Computers console and edit user details as shown:
Right click on the user, go to Organization tab, enter the job title and the manager by clicking in "Change" button and browse the manager. In my case I have entered "Ishan Shukla" as my manager.

I will do same actions with other users. Finally, I key in "Ishan Shukla" job title. We will notice that  AD automatically assign Ishan as manager of Aroh and Aman (Directly reports). 


Step 2:
Run the Incremental Synchronization
We need to go to Central Administration >> Application Management >> Manage Service Applications >> UPS >> Start Profile Synchronization >> Choose Start Incremental Synchronization.

In my previous blog post, I indicated for any new updates from AD we can perform this option.


Step 3:
Run the Profile Synchronization
We have to the profile synchronization service again to pull latest entities in AD.


 Once the Synchronization status is "Idle", we have to check if user details are populated successfully. Go to "Manage User Profiles", look for a user profile and click on the "Find" button. Once user is selected, go to "Edit My Profile".  

We will notice that Title and Manger fields have been updated in SharePoint too.

Step 4: 
Setting up the My Sites
We click on link "Setup My Sites" under "My Site Settings". Please note that "My Sites" is part of User profile service application.


We have not set up preferred search center yet, but we can put it blank. In the section "My Site Host", I have put following URL: http://sp2010:80/my/ and specified personal site location as  my/personal

We also have to specify the "My Email" Notifications email address. For my demonstration, I entered administrator@contoso.com and clicked OK button.

Note: I found a well detailed article from George and he has explained everything very clearly. He has leveraged an Enterprise Template while creating Site Collection and used managed path. I recommend to visit his blog.

Step 5: 
Configure Trusted Host Locations:
We need to configure the trusted host location.

Click on the "New Link"
We have to supply URL http://sp2010:80/my/ and the description.

One last point I would like to highlight is that we can manage user permissions (under People):

Those two accounts can do everything when it comes to SharePoint 2010 social features.
i) User Personal Features - SharePoint sites and distribution lists, my colleagues and colleagues recommendations, My Links and My Personalization Links etc
ii) Create Personal Site - Creates a "My Site" website that includes private home page and public profile page.
iii) Use Social Features - Use of tags, note board and ratings. 

These permissions are important because we can give permission to specific set of users.    

I have given permissions to users. For Ishan, I have given Site Owner permission on the top level site and Aman Visitor permission.

Step 7: 
When Aman log into SharePoint site, a message is shown

In few seconds My site is provisioned as shown below:
When user clicks on Organization tab and warning is shown to user.


After running the Silverlight, we can view shiny Silverlight user interface. 
When we click on "Edit My Profile", we are able to view all the SharePoint social fields (specifically in Newsfeed section) such as:
Tagging with my interests, rating, status message, tagging colleague, note broad post, birthday, new colleague and profile update. Features are similar as Facebook.
There is also a twitter functionality:
I noticed that, we go to "Content"  tab and it display a message like "User is not sharing any documents at this time."

Later I realized that I should go to "My Content"and displayed this message

and finally it showed up on the my "Content"
I hope this walk through was useful for you.
Cheers,
Aroh

References:
George blog
TechNet (Very Detailed and covers multiple farm configuration)

Friday, December 30, 2011

How to: Configure User Profile Service Application in Sharepoint 2010

Hi all,

SharePoint 2010 comes with rich set of new features that enhances Social Networking. I strongly recommend to visit Spencer Harbar website. He is MCM, enterprise architect and an authority when comes to user profile service application. In one of his podcasts, he agreed that UPSA (User Profile Service Application) and search service application are the most complex in terms of the configuration and hard to understand. And yes its really a wild beast to conquer UPSA. I thought,I will put all errors in terms of UPSA in a separate section but after reading his blog its crystal clear at least for me. 

Before I deep dive into step by step for UPSA, I would like to highlight brand new features of SP 2010 when it comes to social networking: 
  •  In MOSS 2007,we had some Web 2.0 technologies that pertain to social networking. SharePoint 2010 team has overhaul the social networking features such as User Profiles and My Sites.   
  • The User Profile Service (UPS) - This service is the heart of the "Social networking". It provides Web 2.0 and Facebook kind of functionality. SharePoint 2010 improves user visibility, people and skill search. In short, users can tag, blog functionality etc.
  • Essentially we are concerned about our user population and we leverage user account from external data source as well. The widely used data source is Active Directory.    
  • In MOSS 2007, we could populate AD users only one way i.e. AD -> SharePoint 2007. In SharePoint 2010, we have two way synchronization. SharePoint team has revamped and we have "ForeFront Identity Manager 2010" and its used as Windows Service. 
  • We can also configure "My Sites" via User Profile Service Application. Please note that My Sites is implemented as a Site Collection
In short, this table in brief describes the components of UPSA:

Services
Description
Usage
User Profile Service
It’s a service that resides on the SharePoint 2010. It’s NOT a Windows Service, but some .NET assemblies that do some work with profiles.   
Hosting User profiles
User Profile Synchronization Service 
It’s a wrapper responsible for the provisioning of the Forefront Identity Manager.    
Provide a synchronization service. (AD <-> SP 2010 two way sync)
Forefront Identity Manager
A bundled version of FIM that has two window services.
Provide a client which is useful for viewing progress and identifying errors.  

The forefront Identity Manager could be found at this location: C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe. I put MISSSClient as a short cut at my desktop.

In this walk through I will discuss only on "UPSA" and its configuration. Please note that I have used Spencer Harbar blog for my test environment to configure USPA. However, TechNet updated its content on 13 Dec 2011 and credited Harbor for his contribution.      


Step 1:
Prepare the platform
As suggested by Harbar, we should not use Farm Configuration Wizard (FCW) as its for configuring demo environments. However, my machine is a single box which has AD, SQL Server and SharePoint 2010 installed by default. But I will follow his instructions. 


He also suggested to check for Cumulative Updates (CU) to be installed and deployed for August 2011. I found a TechNet article about all patches and hot fix links. I recommend to bookmark this article in your favorites. I have installed SharePoint 2010 SP1 along with December 2011 update. Please keep in mind that both SharePoint Foundation 2010 and SharePoint Server 2010 have been updated.   

Step 2:
Configure Account and permissions
We have already created 4 services accounts in my previous blog post.  We have to give "sp_usersync" service account appropriate permissions so that this account could pull entries from the Active Directory.

Right click on the "sp_usersync" account and check its permissions as followed below:

Right click on the "contoso.com", navigate to the "Security" tab, click on the "Add" button and browse "sp_usersync" account.
Check the following permissions "Create all child objects" and "Replicating Directory Changes"
Step 3:
Create users
For the testing purposes I create 3 users as follows:

Step 4: 
Create the UPS Service Application
According to Harbar, its advisbale to have new User Profile Service Application. Navigate to SharePoint 2010 Central Administration >> Application Management >> Manage service applications. We create a new UPSA from the Ribbon,click new and User Profile Service Application. 
I named it UPS with this configuration:
Step 5:
Gearing up the UPSA service
Navigate to Central Administration >> System settings >> Click on "Managing services on server"
Step 6:
Start up UPS and UPSA services
By default "User Profile Service" is already started. We have to start the "User Profile Synchronization Service". I innocently clicked on "Start" while waiting for the service kick start. I have to supply the farm admin account which as sp_farm.

I knew it will take few minutes for UPSA to process. But after 4-5 minutes it again went to "Start" status as follows:

Apparently, I clicked numerous times to Start the UPSA but all my attempts were futile. I then found most amazing article from Spencer Harbar about User profile services and all its intricacies. Later I found a link which he explained in detail. We have to set up additional permissions to make UPSA work which are in my next steps.
   
Step 7:
Incorrect permissions
Navigate to the "Active Directory Users and Computers" console >> Users >> double click on the "Administrator" which is built-in account 
Go to the "Member" tab in the Administrator window and double click on "Administrators" (again its Built-in).
sp_farm account was not part of "Administrators". Thus, we have to Add that account as follows.
We again go to the  Central Administration >> System settings >> Click on "Managing services on server" and start the "User Profile Synchronization Service". It may take 5-10 minutes.

An IISreset is required if we are running on the same the server. My machine is single box, therefore I did IISreset.

If we are able to get this screen, that means we are able to sync AD to SharePoint successfully.


We have to check if these folders are created at the server "C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service". These folders would be empty.

 The last check which we have to perform is going to the services.msc console and FIM & FIM sync have been started.
Step 8:
Setting up the UPSA connections
Navigate to the Central Administration >> Application Management >> Manage service applications >> Click on "UPS"


We click on "Configure Synchronization Connections" under "Synchronization "

We then click on the "Create New Connection" as follows:

However, when I clicked on that link I got an exception.
I have reset
  • the SharePoint timer job, 
  • IISReset and 
  • Reboot the server. Its very important step.
Configuring is not easy! and we are not done yet.

Step 8:
Adding new synchronization connection
Navigate to the Central Administration >> Application Management >> Manage service applications >> Click on "UPS" >> click on "Configure Synchronization Connections". We will get default "Profiles", "Audiences" and "Profile Synchronization Settings" on right section as shown below:
We will notice that there is an option "Not Complied" under "Audiences" section.This means we have to make a new connection. We will again go back to  UPS service application and click on click on the "Create New Connection" as follows:

This time we have to configure new connection. These are my settings:

Connection Name : People
Type : Active Directory (There are other options such as Business Data Connectivity, IBM, Novell, Sun Java System Directory)
Connections Settings :
Forest name - contoso.com (we have to supply the AD forest name)
Authentication Provider Type  - Windows Authentication (default)
Account name - contoso\sp_farm
Password - sp2010!
Port - 389 (default)

Click on the "Populate Containers" button, we will be able to view all the entities of AD. I checked Users and my 3 users that will be populated onto SharePoint 2010.

Step 9:
Configure Synchronization Settings and Profile Synchronization

We click on the Configure Synchronization settings link.
 
We will follow these settings to synchronize entities:

  We then click on the "Start Profile Synchronization" link as shown:
It has be noted that we have to perform the Full Synchronization we don't have any connection so far. Later we can perform Incremental Synchronization for new updates from AD. Its similar to SharePoint 2007. 

As soon as we click on "OK" button SharePoint will run the synchronization service. We have to refresh periodically.
On the right bottom of the page, we have Synchronizing link. If we open that link we could see the progress of Synchronization.
 After few minutes the "Profile Synchronization Status" will be idle as shown:

We can also check the MIIS Client (Synchronization Server Manager) and its status:


We can check how many profiles have been imported to SharePoint 2010 by clicking "Manage User Profiles"
I searched for my name and clicked "Find" button.
I have created a top level site collection under "SharePoint - 80" web application and assigned myself as site owner. I logged into top level site collection and my name is displayed as follows:
I hope this walkthrough was useful for you.

Few Important Notes
  • Please note that my SharePoint 2010 machine is a single box. Thus, for multiple farm configuration you have go for NetBIOS Domain name or SQL Server Alias. Its beautifully described on Spencer article on "Stuck on Staring...". Single box is always easy to configure but multiple farm configuration could be a challenge.(My real world experience)
  • Always look out of SharePoint Cumulative updates and view the details. Last SharePoint 2010 CU was released in December 2011.     


Update 15 Jan 2012:

As I mentioned that single box is always easy. One of SharePoint 2010 administrators gave me two tier set up for SharePoint 2010 user profile service application. I appreciate her time give me steps.
  1. The configuration for two tier farm set up is as follows. Two Web Front Ends (WFEs) backed up SQL Server 2008 R2. 
  2.  In Central admin add it in the "Farm Administrators group"
  3. Add the service account in the following group
  4. Reboot the server.
  5. Navigate to SP 2010 Central Administration >> Manage Services on Server >>  "User Profile Sync Service" >> Start
  6. Key in  your Farm admin password and wait for 20 minutes.
Cheers,
Aroh

References:
SharePoint Server 2010 User Profile Synchronization (Spencer Harbar)
Stuck on Starting...(Spencer Harbar)
Troubleshoot User Profile Synchronization Service (TechNet)

Update 15 Jan 2012
User Profile Synchronization Service–Hangs on Starting (I fixed it!)
Configuring profile import in SharePoint 2010 (Shane Young SharePoint MVP)


Low Code Reimagined with AI + Copilot Pitch Deck - Copy Copilot day (Virtual) - 2023

 Hi All,  I presneded a session at Pune UG on Low Code Reimagined with AI + Copilot Pitch Deck.  Video is at this address  https://www.youtu...