sharepoint 2010 User Profile Service 与AD用户数据同步

[转 http://sharepointgeorge.com/2010/configuring-the-user-profile-service-in-sharepoint-2010/]

User Profile Service

Now that we have successfully configured our Managed Metadata service we can now focus our attention on the User Profile Service.  The User Profile Service provides our SharePoint farm with all the social networking features that we have come to love in SharePoint 2007, plus more.  It forms the basis of My Site support, User profile pages, Audiences and some of the newer features in SharePoint 2010 social computing such as social tagging.

Before we begin, we need to ensure that our Farm account (DOMAIN\sp_farm) is listed as a member of the Local Administrator’s group where the User Profile Synchronization (UPS) service will be deployed.  Please make a note to remove the DOMAIN\sp_farm account from the Local Administrator’s group after provisioning the User Profile Synchronization service.  Please also note, that if you ever have to re-provision the UPS service at a later date, that you will need to ensure the DOMAIN\sp_farm account is added back to the Local Administrator’s group.

Let’s now navigate to Central Administration / Application Management / Manage Service Applications.

Click New and select “User Profile Service Application”

The “Create New User Profile Service Application” window pops up in which you will enter the following details; (you will obviously enter in the details based on your environment setup)

Name: User Profiles

Create new application pool: SharePoint – User Profiles

Register a new managed account: e.g. DOMAIN\sp_userprofiles (nb: this account will need to be provisioned in Active Directory first)

Enter your Profile Database server details and database authentication.  You will notice that SharePoint 2010 introduces the ability to configure Failover Server which allows you to associate your SharePoint databases with another SQL server for failover purposes utilising SQL Server database mirroring.   We will not specify a Failover Database server for any of our databases at this present time.

Specify your Synchronization Database which is used to store configuration and staging data for synchronization of profile data such as that from Active Directory.

Next, specify your Social Tagging Database which is used to store tags and notes that are created by users.  Social Tagging is a new feature in SharePoint 2010 which is not only displayed against the items that user’s are tagging, but are also displayed in the user’s activity feed.

Next, select your Profile Synchronization Instance Server.

In the proceeding section, we will not create a My Site Host URL and will leave this for part two of this series.

Click Create.

You should now have the User Profiles service application listed and  started.

We will now venture back into Central Administration / System Settings / Manage services on server.

Scroll down to the User Profile Service and User Profile Synchronisation Service and start both.  The User Profile Service should start without any further user interaction, however the User Profile Synchronization Service will ask for your SharePoint Farm credentials.

Click Ok.

Both services should now be listed as started.

This in turn, will correctly configure and start our ForeFront Identity Manager Windows Services (FIM).

At this point, it is imperative you run an IIS reset.  Even better, just reboot the machine 

We will now configure our User Profile Connection to our Active Directory Domain.

Navigate to Central Administration / Application Management / Manage Service Applications.

Click on User Profiles / Manage.

Click on Configure Synchronizations connections / Create New Connection.

Enter the follow details;

Connection Name:

Type: Active Directory

Auto discover domain controller or specify a domain controller

Authentication Provider Type: Windows Authentication

Account Name / Password:

Port: 389

Click on Populate Containers

Click OK.

Your connection should now be listed as follows upon successful creation.

We can now easily setup connection filters against our Active Directory User Profile connection by clicking on the connection that was just created and selecting “Edit Connection Filters”.

Specify and Add any User or Group exclusions and then click OK.

Next we will Configure a Synchronization Timer Job via Central Administration / Application Management / Manage Service Applications / User Profiles.

Click Enable

We will finish off by initiating a full synchronization via Central Administration / Application Management / Manage Service Applications / User Profiles / Start Profile Synchronization.

In order to confirm that the import was a success, the Number of User Profiles should now be set to the number of users in your organization, in my case I have 269 dummy users in my Active Directory domain.  Word of note; this will take some time and is considerably slower than an Active Directory User Profile import in SharePoint 2007.

You can also venture into Manage User Profiles and search for users (please take note that SharePoint 2010 does not display any users by default and that you will have to search for them).

Edit a User Profile to ensure that all the necessary Active Directory attributes were successfully imported.

We have now successfully completed a User Profile Synchronization which will form as a basis for User’s My Sites in my next article.  Until then, happy SharePointing!!