Configure SharePoint 2013 Hostname based User Profile Service Application

Scenario: All Service Application configured except UPS.

  1. Have a CNAME record that redirects to the existing My.svdomain.com Citrix LB VIP
  2. Create a new Web App with the host header set to My.svdomain.com, using the Farm admin account for the App Pool
  3. Create a Quota Template with 5000 MB limit and 4000 MB warning
  4. Create a root site collection using ‘My Site Host’ template
  5. Go to CA > Manage Services on Server and start:
    1. User Profile Service on one app and two WFE servers
  6. Create User Profile Service Application
    1. SA Name: User Profile Service Application
    2. App Pool: SharePoint Web Services System
    3. Use PPMTest_ as the prefix for database names
    4. Profile Sync Instance: SPAppSrv01
    5. MySite Host URL: http://My.svdomain.com
    6. MySite Managed Path: /personal
  7. Go to CA > Manage Services on Server and turn on User Profile Synchronization Service on one App server. Enter the password for the service account there.
    • That will enable two Forefront services in Windows Services console
      • Forefront Identity Manager Service
      • Forefront Identity Manager Synchronization Service
  8. Go back to Manage Service Application > User Profile SA Properties, make sure the Profile Sync instance has the correct server selected, then click Cancel.
  9. Make sure the Service Account (Farm account) has permissions under User Profile SA > Administrators.
  10. Go to the User Profile Service Application and configure:
    1. Under My Site Settings > Setup My Sites: Under Email notifications, enter My_Sharepoint@svdomain.com as the sender email
    2. Under Configure Synchronization Connections, click ‘Create new connection’ to set up the AD connection for profile sync.
      1. Connection Name: svdomain UserProfile ADSync Test
      2. Forest Name: svdomain.ds
      3. Account Name: svdomain\FarmAdmin
      4. Pass: Yourpass
      5. Populate Containers and select the AD OU levels to sync with.
        • svdomain.com
        • Main
          • Admin – checked
          • App – checked
          • Contacts – checked
          • Groups – checked
          • Journaling – checked
          • Users – [Check then uncheck these sub levels]
            • Migrated Users
          • Termed Accounts – checked
          • Users – checked
    3. Click on the AD connection name and choose ‘Edit Connection Filters’ from the dropdown. Add a user filter on userAccountControl with the operator ‘Bit on equals’ and the value 2. Click OK.
  11. Review the Forefront Identity Manager client at “C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe”
  12. Go to User Profile Service Application > Synchronization > Start Profile Synchronization. Perform a full sync. If the profiles are not imported, review the FIM client for errors.
  13. Assign the AD ‘Replicate Directory Changes’ permission to the SharePoint account used in the User Profile SA (Farm Admin)
  14. Reboot the servers if needed.
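
To confirm what step 13 actually granted, the following added example (not part of the original post) reads the ACL on the domain naming context and reports the replication rights held directly by the sync account. It assumes the RSAT ActiveDirectory module is available and that the account is svdomain\FarmAdmin as in step 10; the function name Get-ReplicationAce is made up for this example.

```powershell
# Added example, not from the original post. Run as an account that can read the domain ACL.
Import-Module ActiveDirectory

$SyncAccount = 'svdomain\FarmAdmin'   # account named in the sync connection (step 10)

# Control-access-right GUIDs defined in the AD schema
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'      # the right step 13 asks for
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'  # broader, not asked for in step 13
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'               # superset of both
}

# Hypothetical helper: returns one object per matching Allow ACE for the account
function Get-ReplicationAce {
    param([string]$Account, [string]$NamingContext)

    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$NamingContext").Access |
        Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.ActiveDirectoryRights -band $extended) -eq $extended) -and
            $ReplRights.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            [pscustomobject]@{
                NamingContext = $NamingContext
                Account       = $_.IdentityReference.Value
                Right         = $ReplRights[$_.ObjectType.ToString()]
                Inherited     = $_.IsInherited
            }
        }
}

# Assumption: the current logon domain is the one the sync connection targets
$domainDN = (Get-ADDomain).DistinguishedName
$aces = @(Get-ReplicationAce -Account $SyncAccount -NamingContext $domainDN)

if (-not ($aces.Right -contains 'Replicating Directory Changes')) {
    Write-Warning "$SyncAccount has no direct 'Replicating Directory Changes' ACE on $domainDN (rights granted through groups are not checked here)."
}
$aces | Where-Object { $_.Right -ne 'Replicating Directory Changes' } | ForEach-Object {
    Write-Warning "$($_.Account) holds '$($_.Right)' on $domainDN, which is broader than step 13 requires."
}
$aces | Format-Table -AutoSize
```

A warning about ‘Replicating Directory Changes All’ or ‘All extended rights’ means the account can read more from the directory than profile import needs, so that ACE is worth removing before the first full sync.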

 

