How to Configure the User Profile Service in SharePoint 2010

A step-by-step guide to setting up the User Profile Service application, focusing on its configuration and administration and on how we can enable the creation of user profiles via an Active Directory import.

SharePoint 2010 introduces the notion of "Service Applications", which builds upon the "Shared Services Provider (SSP)" that was introduced in SharePoint 2007.  Service Applications are individual services that can be configured independently and shared across other sites within your farm; some service applications can also be configured across farms.

The individual service applications provided with SharePoint 2010 are as follows:

  • Access Services
  • Business Data Connectivity
  • Document Conversion
  • Excel Services
  • Managed Metadata Service
  • PerformancePoint
  • Search Service
  • Secure Store
  • State Service
  • Visio Graphics Service
  • User Profile Service

This article builds upon our initial SharePoint 2010 install utilizing the least privilege model, which I have documented in How to Install SharePoint 2010 using Least Privilege Service Accounts, so check it out if you haven't already done so.

Managed Metadata Service

The User Profile service requires that the Managed Metadata Service is set up and configured before you attempt to set up your first User Profile Service.  The Managed Metadata service allows you to utilize managed metadata and provides you with the ability to share content types across sites.  You can read more about Managed Metadata here.

To set up our Managed Metadata Service, navigate to Central Administration / Application Management / Manage Service Applications.

Click New and select "Managed Metadata Service"

Enter the following details:

Name: Managed Metadata Service

Database Server: <server_name>

Database Name: Managed Metadata DB

I will utilize the sp_farm account for the Application Pool Identity.

Click Create.

Lastly, navigate to Central Administration / System Settings / Manage services on server and start the Managed Metadata Web Service.

User Profile Service

Now that we have successfully configured our Managed Metadata service we can now focus our attention on the User Profile Service.  The User Profile Service provides our SharePoint farm with all the social networking features that we have come to love in SharePoint 2007, plus more.  It forms the basis of My Site support, User profile pages, Audiences and some of the newer features in SharePoint 2010 social computing such as social tagging.

Before we begin, we need to ensure that our Farm account (DOMAIN\sp_farm) is a member of the local Administrators group on the server where the User Profile Synchronization (UPS) service will be deployed.  Make a note to remove the DOMAIN\sp_farm account from the local Administrators group after provisioning the User Profile Synchronization service.  Also note that if you ever have to re-provision the UPS service at a later date, you will need to ensure the DOMAIN\sp_farm account is added back to the local Administrators group.
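To act on the reminder above, the following added example (not from the original article) reports whether the farm account is still in the local Administrators group, taking the state of the User Profile Synchronization Service on this server into account. It assumes an elevated PowerShell session on the SharePoint server run by a farm administrator; DOMAIN\sp_farm is the article's placeholder account name and the function names are hypothetical.

```powershell
# Added example, not part of the original article.
# Assumption: $FarmAccount is your farm account (the article's DOMAIN\sp_farm placeholder).
$FarmAccount = 'DOMAIN\sp_farm'

function Get-LocalAdministratorName {
    # Enumerate the local Administrators group through the WinNT ADSI provider,
    # which works on the PowerShell 2.0 that ships with Windows Server 2008 R2.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # Domain accounts come back as WinNT://DOMAIN/account; emit DOMAIN\account.
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Get-FarmAccountAdminFinding {
    param(
        [string]   $Account,
        [string[]] $Administrators,
        [string]   $SyncServiceStatus   # e.g. Online, Provisioning, Disabled
    )
    $isAdmin = $Administrators -contains $Account   # -contains ignores case
    if (-not $isAdmin) {
        if ($SyncServiceStatus -eq 'Online') {
            return 'OK: the account is not a local administrator.'
        }
        return 'ACTION: add the account to local Administrators before (re-)provisioning the service.'
    }
    switch ($SyncServiceStatus) {
        'Online'       { 'ACTION: provisioning is complete; remove the account from local Administrators.' }
        'Provisioning' { 'WAIT: provisioning is in progress; remove the account once the service is Online.' }
        default        { 'INFO: the account is a local administrator and the service is not started yet.' }
    }
}

# Look up the synchronization service instance hosted on this server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$sync = Get-SPServiceInstance | Where-Object {
    $_.TypeName -eq 'User Profile Synchronization Service' -and
    $_.Server.Address -eq $env:COMPUTERNAME
}

Get-FarmAccountAdminFinding -Account $FarmAccount `
    -Administrators (Get-LocalAdministratorName) `
    -SyncServiceStatus "$($sync.Status)"
```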

Let's now navigate to Central Administration / Application Management / Manage Service Applications.

Click New and select "User Profile Service Application"

The "Create New User Profile Service Application" window pops up in which you will enter the following details; (you will obviously enter in the details based on your environment setup)

Name: User Profiles

Create new application pool: SharePoint – User Profiles

Register a new managed account: e.g. DOMAIN\sp_userprofiles (nb: this account will need to be provisioned in Active Directory first)

Enter your Profile Database server details and database authentication.  You will notice that SharePoint 2010 introduces the ability to configure Failover Server which allows you to associate your SharePoint databases with another SQL server for failover purposes utilising SQL Server database mirroring.   We will not specify a Failover Database server for any of our databases at this present time.

Specify your Synchronization Database which is used to store configuration and staging data for synchronization of profile data such as that from Active Directory.

Next, specify your Social Tagging Database which is used to store tags and notes that are created by users.  Social Tagging is a new feature in SharePoint 2010; tags are displayed not only against the items that users are tagging, but also in the user's activity feed.

Next, select your Profile Synchronization Instance Server.

In the next section, we will not create a My Site Host URL and will leave this for part two of this series.

Click Create.

You should now have the User Profiles service application listed and started.

We will now venture back into Central Administration / System Settings / Manage services on server.

Scroll down to the User Profile Service and User Profile Synchronisation Service and start both.  The User Profile Service should start without any further user interaction, however the User Profile Synchronization Service will ask for your SharePoint Farm credentials.

Click Ok.

Both services should now be listed as started.

This, in turn, will correctly configure and start our Forefront Identity Manager (FIM) Windows services.

At this point, it is imperative you run an IIS reset.  Even better, just reboot the machine.

We will now configure our User Profile Connection to our Active Directory Domain.

Navigate to Central Administration / Application Management / Manage Service Applications.

Click on User Profiles / Manage.

Click on Configure Synchronization Connections / Create New Connection.

Enter the following details:

Connection Name:

Type: Active Directory

Auto discover domain controller or specify a domain controller

Authentication Provider Type: Windows Authentication

Account Name / Password:

Port: 389

Click on Populate Containers

Click OK.

Your connection should now be listed as follows upon successful creation.

We can now easily set up connection filters against our Active Directory User Profile connection by clicking on the connection that was just created and selecting "Edit Connection Filters".

Specify and Add any User or Group exclusions and then click OK.

Next we will Configure a Synchronization Timer Job via Central Administration / Application Management / Manage Service Applications / User Profiles.

Click Enable

We will finish off by initiating a full synchronization via Central Administration / Application Management / Manage Service Applications / User Profiles / Start Profile Synchronization.

To confirm that the import was a success, check that the Number of User Profiles is now set to the number of users in your organization; in my case I have 269 dummy users in my Active Directory domain.  Note that this will take some time and is considerably slower than an Active Directory User Profile import in SharePoint 2007.

You can also venture into Manage User Profiles and search for users (please take note that SharePoint 2010 does not display any users by default and that you will have to search for them).

Edit a User Profile to ensure that all the necessary Active Directory attributes were successfully imported.

We have now successfully completed a User Profile Synchronization, which will form the basis for users' My Sites in my next article.  Until then, happy SharePointing!!


How to Configure outgoing email in SharePoint 2010 with Exchange 2010 – Step by Step Guide

In my How to Configure incoming email in SharePoint 2010 with Exchange – Step by Step Guide, I provided you with a guide to setting up your SharePoint 2010 farm so that it can receive incoming email and deliver it directly to your SharePoint libraries and/or lists.  Today we wrap up our 2 part series on email flow in SharePoint 2010, in which I will provide you with another step by step guide to configuring your SharePoint Farm to send outgoing emails through your Microsoft Exchange server.

The environment

This article builds on the SharePoint Farm setup that I have documented here. It consists of the following servers which would form a common basis in most large organizations.

  • Windows 2008 R2 server running Active Directory Domain Services
  • Windows 2008 R2 server running SQL 2008 R2
  • Windows 2008 R2 server running SharePoint 2010 RTM
  • Windows 2008 R2 server running Exchange 2010 RTM
  • Windows 7 client running Office 2010 RTM

SharePoint 2010 allows you to configure any SMTP service including the one which I had setup in my previous article to send outgoing email, however we will utilise Exchange 2010 (same instructions apply for Exchange 2007) to provide email delivery to our end users.  Instructions on configuring the SMTP service (i.e. you are not using Microsoft Exchange in your environment) can be found on TechNet.

Creating a Receive Connector in Exchange 2010 

If you recall from my previous article, How to Configure incoming email in SharePoint 2010 with Exchange – Step by Step Guide, we created a "Send Connector" in Exchange to forward the messages to the SMTP service that we had configured and installed.  This time round we will create a "Receive Connector" in Exchange 2010.

Launch the Exchange Management Console and navigate to Server Configuration / Hub Transport / New Receive Connector.  The New Receive Connector wizard is invoked.

Enter a descriptive name and ensure "Custom" is selected as the intended use.

Click Next

Leave "All Available IPv4" in your Local Network settings unless you have specific Exchange IP requirements.

Click Next

Under Remote Network settings, edit the entry and enter the IP address of your SharePoint 2010 server.

Click Next

Click New

You will now notice that our SharePoint 2010 Outgoing mail connector is listed with our default Exchange 2010 Receive Connectors.

We will now venture into its properties and make a minor permission change.  Click on the "Permission Groups" tab and select Anonymous users.

Click Apply.
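Because this connector accepts anonymous submissions, it is worth confirming that its remote IP range really is limited to the SharePoint server. The following is an added example (not from the original article): an Exchange Management Shell function, with a hypothetical name, that reports each Receive Connector allowing Anonymous users and whether its remote ranges are restricted to the expected senders. The sample objects and the 192.0.2.25 address are constructed; Name, PermissionGroups and RemoteIPRanges are the properties returned by Get-ReceiveConnector.

```powershell
# Added example, not part of the original article.
function Test-AnonymousConnectorScope {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Connector,

        # Assumption: the IP address(es) of the SharePoint server(s) allowed to submit mail.
        [Parameter(Mandatory = $true)]
        [string[]] $AllowedSenders
    )
    process {
        # PermissionGroups is a flags value; its string form lists the enabled groups.
        if ("$($Connector.PermissionGroups)" -notmatch 'AnonymousUsers') { return }

        # Any remote range other than an expected single host widens who may
        # submit mail through this connector without authenticating.
        $unexpected = @(
            @($Connector.RemoteIPRanges) |
                Where-Object { $_ } |
                ForEach-Object { "$_" } |
                Where-Object { $AllowedSenders -notcontains $_ }
        )

        New-Object PSObject -Property @{
            Name       = $Connector.Name
            Scoped     = ($unexpected.Count -eq 0)
            Unexpected = ($unexpected -join ', ')
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$sample = @(
    (New-Object PSObject -Property @{
        Name             = 'SharePoint 2010 Outgoing Mail'
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges   = @('192.0.2.25')
    }),
    (New-Object PSObject -Property @{
        Name             = 'Relay left at the wizard default (constructed)'
        PermissionGroups = 'AnonymousUsers, ExchangeUsers'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
    }),
    (New-Object PSObject -Property @{
        Name             = 'Authenticated only (constructed)'
        PermissionGroups = 'ExchangeUsers, ExchangeServers'
        RemoteIPRanges   = @('0.0.0.0-255.255.255.255')
    })
)

$sample |
    Test-AnonymousConnectorScope -AllowedSenders '192.0.2.25' |
    Format-Table Name, Scoped, Unexpected -AutoSize

# In a live Exchange 2010 Management Shell session:
# Get-ReceiveConnector | Test-AnonymousConnectorScope -AllowedSenders '<SharePoint server IP>'
```

With the sample data, the first connector is reported as scoped, the second is reported with the unexpected range 0.0.0.0-255.255.255.255, and the third is skipped because it does not allow anonymous users.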

Configuring outgoing email in SharePoint 2010 Central Administration

Launch Central Administration and navigate to System Settings / E-Mail and Test Messages / Configure outgoing e-mail settings.

Enter your Outbound SMTP server, i.e. your Exchange server where we created our receive connector and specify a From and Reply-to address.

Click OK

Testing our configuration

Let's navigate to our SharePoint 2010 web application and create an Alert.  In my example I will create an immediate alert for Announcements.

Navigate to your Announcement List and click on List Tools/List and then click on "Alert Me" located in the ribbon interface.

Select "Set alert on this list" and select your Alert options.  Ensure that you have "send notifications immediately" selected for testing purposes.

Click OK

You should receive your notification email that you have successfully subscribed soon after creating your alert.

I will now create a Test Announcement to ensure that the actual alert is delivered.

Alas! 5 minutes later (based on the immediate timer job definition schedule) we have received our email alert confirming that our SharePoint configuration with Exchange was successful.

Did you know that you can also configure outgoing email for a specific Web application?  You might want to do this if you have multiple SharePoint Web Applications hosting specific site collections and want a different From and/or Reply-to address set up.

Even though we are now going to configure outgoing email for a specific Web application, you are still required to set up the default farm outgoing email settings as per the above.

Configuring outgoing email for a specific Web application in SharePoint 2010 Central Administration

Launch Central Administration / Application Management / Manage Web Applications.

Select one of your Web Applications and then select "General Settings" from the Ribbon.

Select "Outgoing E-Mail" from the drop down.

It will pick up the default farm settings that we entered earlier, and you can now change the From and Reply-to address to something more specific for the selected Web application.

Click OK

We are done!  I hope you have found this step by step guide in configuring outgoing email in SharePoint 2010 with Exchange useful, and stay tuned as we continue our journey in configuring our SharePoint 2010 Farm.


Assigning and reading values for several field types in SharePoint 2010

1. Date values used in queries need to be converted, as follows:

// Convert the time to ISO 8601 (SPUtility is in Microsoft.SharePoint.Utilities)
string startdate = SPUtility.CreateISO8601DateTimeFromSystemDateTime(DateTime.Now);

2. Obtain the value of a user-type field:

// Requires: using System.Collections.Generic; using Microsoft.SharePoint;
public List<WorkManEntity> GetUsersFromSPFieldUser(SPListItem item, string key)
{
    List<WorkManEntity> fUsers = new List<WorkManEntity>();
    SPFieldUser uField = item.Fields[key] as SPFieldUser;
    // The multi-select check can be dropped if the field is single-select.
    if (uField != null && uField.AllowMultipleValues)  // Allow multiple selections
    {
        SPFieldUserValueCollection userValues = item[key] as SPFieldUserValueCollection;
        // item[key] is null when the field is empty, so guard before iterating.
        if (userValues != null)
        {
            foreach (SPFieldUserValue userValue in userValues)
            {
                if (null != userValue.User)
                {
                    WorkManEntity user = new WorkManEntity();
                    user.LookUpID = userValue.LookupId;
                    user.LookUpValue = userValue.LookupValue;
                    user.loginName = userValue.User.LoginName;
                    // Add to the list
                    fUsers.Add(user);
                }
            }
        }
    }
    return fUsers;
}

3. Assign a value to a user-type field:

SPFieldUserValueCollection uvc = new SPFieldUserValueCollection();
SPUser pu = web.EnsureUser(user.loginName);
uvc.Add(new SPFieldUserValue(web, pu.ID, pu.Name));
// User-type field
newListitem["Overtime member"] = uvc;


How to Configure incoming email in SharePoint 2010 with Exchange – Step by Step Guide

This article will provide you with a comprehensive step by step guide to configuring your SharePoint 2010 server in conjunction with Exchange 2010, to provide successful delivery of incoming email directly to your SharePoint Web Applications.

The environment

This article builds on the SharePoint Farm setup that I have documented. It consists of the following servers which would form a common basis in most large organizations.

  • Windows 2008 R2 server running Active Directory Domain Services
  • Windows 2008 R2 server running SQL 2008 R2
  • Windows 2008 R2 server running SharePoint 2010 RTM
  • Windows 2008 R2 server running Exchange 2010 RTM
  • Windows 7 client running Office 2010 RTM

The SMTP service

SharePoint 2010 is reliant on the SMTP service which is a Windows 2008 feature and we must install this on our SharePoint 2010 front-end web server.

Navigate to your Start Menu / Administrative Tools / Server Manager.  Click on the Features node and select Add Feature.  Scroll down and select SMTP Server and click on Add Required Role Services.

Click Next, Next and Install.

Click Close

We now need to install the IIS 6.0 Management Tools on our Windows 2008 R2 server in order to configure our SMTP service.  If IIS 6.0 Manager is not already installed, install it via Start / Administrative Tools / Server Manager.  Click on the Roles node and select Role / Add Role Services.  Then select Management Tools and IIS 6 Management compatibility.  Click Install.

We can now launch the IIS 6 Manager via Start / Administrative Tools.

Right click on SMTP Virtual Server #1 and select properties.

Under the General tab, I have enabled logging and encourage doing so at the start in the event we need to do some troubleshooting.  You can turn logging off after successful testing.

Click on the next tab, "Access".

Click on "Authentication" and ensure that Anonymous access is selected.

Next, click on "Connection" and ensure "All except the list below" is selected.

Finally, click on "Relay", and ensure that "Only the list below" is selected and that "Allow all computers which successfully authenticate to relay, regardless of the list above" is also checked.

Now click on the Messages Tab and make any adjustments that you see fit, such as increasing the message size to allow for the delivery of larger emails with attachments into your SharePoint Libraries and Lists.

Next click on the Delivery Tab in which I normally leave all the defaults in place.

We can skip the LDAP routing tab as there are no settings required to be configured in this area.

Lastly, the Security tab should list the default permissions as per the below.  No changes are necessary in this area.

We next journey into the "Domains" area within IIS 6 Manager, where a domain name should be listed; by default this is the fully qualified domain name of the machine.

Right click on the Domain Name and select properties and take note of the Drop directory.

Finally, we now just need to confirm that our SMTP service is set to start automatically in the event the server is restarted.  I can tell you now that the service is by default set to Manual.

Venture into Start / Administrative Tools / Services.

Scroll down your list of services and ensure that the Simple Mail Transfer Protocol (SMTP) is set to Start-up type, Automatic.

We have now completed the configuration of our SMTP service on our SharePoint Server.

Exchange 2007/2010 Connectors

Part two of the implementation of configuring incoming email in SharePoint is to configure our connectors in Microsoft Exchange.  Now even though this is not a requirement, most organisations running SharePoint 2010 or 2007 will also be running a recent version of Microsoft Exchange, hopefully either 2007 or 2010.  Exchange 2010 or 2007 will provide you with that extra layer of protection ensuring that all the necessary message hygiene has been performed via its inbuilt Anti Spam Agents on the Edge or Hub Transport Server in conjunction with some form of email antivirus such as Microsoft's Forefront for Exchange, before the message is delivered to the SharePoint 2010 List or Library.

My instructions and screen captures below are from an Exchange 2010 server which are pretty much identical and applicable to Exchange 2007.

Let's begin by launching the Exchange Management Console / Organization Configuration / Hub Transport.

Click on Send Connectors / Actions / New Send Connector.

Type in a descriptive name for your Send Connector and then select Internal as the type.

Click Add and enter the Address space as the fully qualified domain name of the server where the SMTP service is installed (i.e. your SharePoint Server)

Click Next

Enter the IP address of the server which also hosts the SMTP service.

Click Next

Select "None" as your smart host authentication settings

Click Next

Ensure your Hub Transport Server has been added.

Click Next

Click New and then click Finish

The end result will be that the Send connector will route email to the SMTP service sitting on our SharePoint Server.

The Directory Management Service

SharePoint 2010 allows you to leverage Active Directory Domain Services (AD DS) so that contacts that are created when you email enable document libraries or lists are stored in a designated Organizational Unit within your AD DS infrastructure.  So why would you want to enable Directory Management Service?  Purely for the fact that by storing these contacts in AD, you are allowing your users to locate email enabled libraries and lists easily from within their Outlook Address book.

Let's begin by creating an Organizational Unit in Active Directory.

From your Active Directory server, click Start / Administrative Tools / Active Directory Users and Computers.

Right click on your domain object and select New / Organizational Unit

Type in a descriptive name

Click Ok.

The next step is imperative, and it is very important that we get it right.  I have seen many occasions where incorrect permissions were applied and all sorts of problems were encountered when libraries or lists were email enabled.

In summary, we need to provide our Central Administration Application pool identity account specific permissions to our recently created Organizational Unit to be used for creating and deleting contacts for our SharePoint 2010 libraries and lists when they are either email enabled or email disabled.

Right click on the recently created Organizational Unit and click on Delegate Control.  This will invoke the Delegation of Control Wizard.

Click Next.

We will now add the Central Administration application pool account which you can confirm from IIS Manager as per the below screen capture.

Add the necessary Account.

Click Next.

Click Create a custom task to delegate.

Click Next

Click "This folder, existing objects in this folder, and creation of new objects in this folder".

Click Next

Click on Create All Child Objects and Delete All Child Objects.

Click Finish.

Before we finish off our configuration of AD DS and the Directory Management Service we need to provide our Central Administration application pool account with Delete Subtree permissions.

We need to ensure that "Advanced Features" from within Active Directory Users and Computers (ADUC) is active before we venture into the security tab of our SharePoint organizational unit.  If you do not enable Advanced Features, the security tab will not be visible.

From within ADUC, click on View and select Advanced Features.

Right click on our SharePoint 2010 Organizational Unit and select Properties.

Click on the Security Tab / Advanced and edit the entry for the CA Application Pool Identity Account.

Select Allow for "Delete Subtree"

Click on OK and Apply.

After assigning these permissions, you must run IISRESET on your SharePoint server.

Configuring Incoming e-mail settings in Central Administration

Navigate to Central Administration / System Settings / Configure incoming e-mail settings.

Select Yes to "Enable site on this server to receive e-mail"

Select "Automatic" for Setting mode.

Select "Yes" to use the SharePoint Directory Management Service to create distribution groups and contacts.

Enter your Active Directory container details, i.e. the Organizational Unit container that we created specifically for our SharePoint 2010 contacts.

Ensure that your SMTP server details are correct, this should be the fully qualified domain name of your SMTP service that was installed on your SharePoint Server.

Finally, ensure "Accept mail from all e-mail servers" is selected.

Click OK.

Please note that this process will configure the necessary permissions on the email drop folder listed in IIS 6 Manager.  In summary, the following permissions are added;

WSS_Admin_WPG – Full Control and

WSS_WPG – Read & Execute / List folder Contents / Read

Ensure that these accounts were added successfully; on the rare occasion that they were not, you will need to add them manually.

Testing the configuration

From within any document library or list, click on Library / Library Settings.

Click on Incoming e-mail settings.

Select "Yes" to allow this document library to receive e-mail.

Select your email attachment options and ensure that Save original e-mail is set to Yes.

Lastly, ensure that "Accept e-mail messages from any sender" is selected.

Click OK.

This is your first step to ensure that all of the above configuration is in place.  If you do receive an error, it's most likely going to be permissions related against your Organizational Unit, i.e. SharePoint may not have the privilege to add the contact in Active Directory.

Let's navigate back to ADUC and confirm that our "testing" contact is created under the SharePoint 2010 Contacts Organizational Unit.

Let's next navigate to our Exchange 2010 server and ensure it is also listed there with an SMTP address against it.

Launch your Microsoft Exchange Management console and navigate to Recipient Configuration / Mail contact.

Right click on the Contact and select Properties / E-Mail Addresses.

Ensure that both an internal and external routable email address is listed.

From your favorite email client, send a test email to the document library's external SMTP address.

Navigate to your recently email enabled document library and hopefully after a couple of minutes (SharePoint Job timer service delay) you should have received your test email.

Well! That's all there is to it, from start to finish.  Apart from sending a test email, there are a couple of other scenarios that you should test to ensure complete seamless integration with the SharePoint 2010 Directory Management Service.  Within the same document library, modify the email address to something different and ensure that this change also flows through to Active Directory. You should also try disabling incoming email for that same library and ensure that the contact is completely removed from Active Directory.  If you pass all of these test scenarios, then we can be comfortable that the correct delegation was provided to our Central Administration Pool Account against our SharePoint Contacts Organizational Unit.

I hope you have found this step by step guide in configuring incoming email in SharePoint 2010 with Exchange useful, so stay tuned as we continue our journey in configuring our SharePoint 2010 Farm.
