SharePoint: Setup and Configure User Profile Services

 

Like many others, I’ve run into countless problems getting the profile sync service to function properly.  This is a high level overview of what I’ve found that worked, and was repeatable.

SQL Server

• Install SQL 2008 R2 on SQL Server
  • Database Engine Services
    • Full-Text Search
  • Analysis Services
  • Management Tools – Basic
    • Management Tools – Complete
  • SQL Client Connectivity SDK

• Set appropriate Permissions:
  • Log on as a service – SQL Service Accounts
  • Access this computer from the network – SQL Service Accounts
  • SQL Permissions for Setup User Account
    • Security Admin
    • Dbcreator

SharePoint Server

• Fully Patch Server (OS Only) via Windows Update
• Set appropriate Permissions:
  • Access this computer from the network – Authenticated Users
  • Local Administrators Group – Setup User Account, and Farm Service Account
  • Log on as a service – SharePoint Farm Service Account

• Install SharePoint 2010 PreReq’s
• Run the MoveIIS7Root script (http://www.thesanitypoint.com/archive/2010/06/29/sharepoint-2010-and-the-c-drive.aspx)
• Install KB976127 (ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows 2008 R2)
• Install KB976462 if applicable
• Install SharePoint 2010
• Run the "SharePoint Products Configuration Wizard" (while logged into the SharePoint server with the Setup User Account)
  • When Prompted for an account to connect to SQL with, this is the FARM service account, not the Setup User Account

• Create necessary SharePoint accounts (in SharePoint) will need the access this computer from the network local security policy
  • Application Pool Root
  • Application Pool MYSP
  • Content Access Account
  • Shared Services 1
  • Profile Sync

• Create the root Web Application sp2010.mydomain.com:10000 or whatever
  • Create the root site collection
  • Modify IIS binding to listen on specific IPv4 Address
    • 1 – Hostheader – IP – randomport
    • 2 – hostheader – IP – Port 443
  • Modify Alternate Access Mapping
    • Default – Port 433
    • Custom – Random Port

• Start the ‘User Profile Service’
• Create MySite Host Web Application/root site collection (My Site Host)
  • Create a ‘Managed Path’ named ‘Personal’ on the MySite host Web Application
  • Create MySite Host as root site collection
  • Modify IIS binding to listen on specific IPv4 Address
    • 1 – Hostheader – IP – randomport
    • 2 – hostheader – IP – Port 443
  • Modify Alternate Access Mapping
    • Default – Port 443
    • Custom – Random Port

• Start "Managed Metadata Service" on one of the SharePoint Farm servers.
• Create new Managed Metadata Service
• Create User Profile Service Application
  • Use the Profile Sync account for the associated application pool

• Start ‘User Profile Synchronization Service" from the Services on Server list
  • Monitor the Timer Job Status for ‘ProfileSynchronizationSetupJob’ this is one of most likely steps that will FAIL, if it takes longer than 30-45 seconds to run the job, chances are it is working. Wait till this is complete before proceeding.
    • Once the timer job disappears verify that the ‘User Profile Synchronization Service’ is now started.
  • Once finished do an iisreset /noforce

• Create a new ‘Profile Synchronization Connection’
  • If you cannot access the ‘Manage Profile Service’ applet, try rebooting, sometimes the FIM services don’t respond properly after starting the ‘User Profile Synchronization Service’.
  • Use the Profile Sync account when creating the profile synchronization connection
  • The Profile Sync account will require ‘Replicate Directory Changes’ at the root of the domain.

Run a profile Sync to verify profile sync is working (can take several hours)

• To monitor the progress, and assist trouble shooting any sync issues at this point you can use the miisclient located at <Install Directory>\Microsoft Office Servers\14.0\Synchronization Service\UIShell\

If everything is working at this point, you can proceed with building out the rest of the farm.

• Configure alternate access mappings/IIS 443 settings for Central Admin, the Root Web App, and the MYSP Web App.

Step by Step Profile Sync info:

http://technet.microsoft.com/en-us/library/ee721049.aspx

The following blogs were extremely helpful in getting the Profile Sync service functional. I’d like to thank both Jie Li, and Francois Pienaar for posting.

http://blogs.msdn.com/b/opal/archive/2009/11/19/user-profile-sync-setup-in-sharepoint-server-2010-beta.aspx

http://technicallead.wordpress.com/2010/03/08/user-profile-sync-setup-in-sharepoint-2010-beta/

Advertisement