Sharepoint 2010 profile sync. Microsoft, really? I mean, really?

27 10 2010

Trying to get profile sync to work is like trying to convince an 8 year old brussel sprouts are yummy. Cuz they aren’t yummy at all, but they are apparently good for you. Damn you nature.

Thanks to Scott Ellis for uncovering this mystery. Dude knows his shizzle!

So onto relevance. Getting profile sync to work on sharepoint 2010. Here is how:

Preparing SharePoint for Profile Sync

  1. Once installation is complete we want to add the SQL, SPAdmin, and SPFarm accounts to Managed Accounts. Prior to the next step.  Also make sure SPFarm is a local admin on the APP Server.
  2. From Central Administration, we will then create two new Web Applications (my.sharepointsite.com & sharepointsite.com)
  3. When creating the first one it does not matter the order, also create a Application Pool named SharePoint Content using the Domain\SPAdmin Managed Account. When creating the second one, select the existing application pool (SharePoint Content).
  4. In the my.tripwire.com web application create a site collection using the My Site Host template. We also enable self service site creation at this stage, to ensure no errors in the future. If you go to the mysite web app you will get an error stating the User Profile Service is not available. This is the expected behaviour at this point.

Create the UPS Service Application

  1. In Central Admin, go to Application Management, Manage service applications
  2. From the Ribbon, click New, followed by User Profile Service Application
  3. Give it a Name of “User Profile Sync Service Application”
  4. Create a new App Pool “SharePoint Web Services Default” and use the TSS\SPAdmin managed account
  5. Accept the defaults for the three Databases (as this follows our naming convention)
  6. Select the machine in the farm running FIM
  7. Enter the URL of the mysite host
  8. Accept the Managed Path, and site naming scheme.
  9. Click Create, and wait while the Service Application, Service Connection and Databases are created.

Configuration of User Profile Sync related SharePoint Services

  1. In Central Administration, System Settings, Manage Services on server
  2. Select the machine in the farm in which UPS will be running
  3. Start the User Profile Service (no options) (if not already started)
  4. Start the User Profile Sync Service (you will get a configuration window)
  5. Select the Service App “SharePoint Web Services Default”  you created in the previous section
  6. Enter the Farm Account password and click OK. (if the Farm Admin Account is not here at this time…..danger. This will fail…….STOP and Contact your Consultant.)
  7. Otherwise this will take 20 minutes sometimes to validate…Wait
  8. Even though the screen returns immediately the status for the UPS Service will show starting for a while.
  9. It’s provisioning the FIM services and a bunch of other stuff – baseline time is 240 seconds.
  10. Once it no longer shows STARTING.  Move to the next step…not before.
  11. An IIS Reset is required if central admin is on the same box as FIM. I recommend a restart to the Server at this time.
  12. Once it’s sorted you can see in services.msc that the two FIM services are running as the farm account, you can run MIISclient (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and run MSIISClient.exe) and it will connect etc.
  13. You can now remove the Farm account from local administrators.
  14. Depending upon your machine/farm configuration you will also need to enable inbound network connections to MSDTC on (PDXWeb06). This step is only needed if you are running a named instance of SQL Server.

We can now Configure the connection and do a sync.  But this can all be done from Central Administration.

  1. From Central Administration, Application Management, Manage Service Applications
  2. Click to the right of the UPS Service App and then the Manage button on the Ribbon bar
  3. In the Synchronization Area, we want to create a new Configure Synchronization Connections
  4. Click Create New Connection
  5. Use a solid naming convention (Connection to AD 2003)
  6. Select the Type (Active Directory)
  7. Enter the Forest Name
  8. Choose Windows Authentication
  9. Enter the Domain\SPProfileSync account credentials for the connection
    (this is the important bit – this is the credential set leveraged by FIM to replicate and communicate to AD)
  10. Click the Populate button, and this will test the credentials entered and show a Container Hierarchy tree view.
    1. If you don’t get a result the above information is not right, recheck the Forest, or the SPProfileSync Credentials.
    2. Select the TSS Domain, you should see your OU’s, select a OU! You now want to review and select the correct OU.
    3. See that Select All button? DO NOT SELECT ALL ____EVER!  You get EVERYTHING.
    4. Save the connection by clicking OK. Your connection will be saved and you will be returned to the manage connections page.
    5. Navigate back to Manage Profile Service
    6. In the Synchronization Section click Start Profile Synchronization
    7. On the Start Profile Synchronization page, click OK.
    8. Refresh the Manage Profile Service Page, you will see the progress on the right hand side.
    9. Now wait, this can take a long time.
    10. Click the details link to see the Manage Profile Service page DO NOT automatically refresh.
    11. You can also see progress by running miisclient.exe if you have that still up and running.
    12. Note that sync has stages, MIIS will report its complete, but SharePoint still has work to do. Be patient! Even for a import there are eight stages, each of which will be reported in the pop up dialog.   This can be a long process.
    13. Once it’s complete you will see your imported profiles in the Profiles status on the top right and also in the Manage User Profiles page.

I hope this help you all. It did for me. it does take a couple of tries to get the hang of it.
Nando

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: