Configure SharePoint 2013 Hostname based User Profile Service Application
Scenario: All service applications are configured except UPS.
- Have a CNAME record that redirects to the existing My.svdomain.com Citrix LB VIP
- Create a new Web App with the host header set to My.svdomain.com, using the Farm admin account for the App Pool
- Create a Quota Template with 5000 MB limit and 4000 MB warning
- Create a root site collection using ‘My Site Host’ template
- Go to CA > Manage Services on Server and start:
  - User Profile Service on one app and two WFE servers
- Create User Profile Service Application
  - SA Name: User Profile Service Application
  - App Pool: SharePoint Web Services System
  - Use PPMTest_ as the prefix for database names
  - Profile Sync Instance: SPAppSrv01
  - Mysite Host URL: http://My.svdomain.com
  - MySite Managed Path: /personal
- Go to CA > Manage Services on server and turn on User Profile Synchronization Service on one App server. Enter the password for the service account there
  - That will enable two Forefront services in Windows Services console
    - Forefront Identity Manager Service
    - Forefront Identity Manager Synchronization Service
- Go back to Manage Service Application > User Profile SA Properties, make sure the Profile Sync instance has the correct server selected, and click Cancel.
- Make sure the service account (Farm account) has permissions under User Profile SA > Administrators.
- Go to User Profile Service Application and configure:
  - Under My Site Settings > Setup My Sites: Under Email notifications, enter My_Sharepoint@svdomain.com as the sender email
  - Under Configure Synchronization Connections, click ‘Create new connection’ to set up the AD connection for profile sync.
    - Connection Name: svdomain UserProfile ADSync Test
    - Forest Name: svdomain.ds
    - Account Name: svdomain\FarmAdmin
    - Pass: Yourpass
    - Populate Containers and select the AD OU levels to sync with.
      - svdomain.com
      - Main
      - Admin – checked
      - App – checked
      - Contacts – checked
      - Groups – checked
      - Journaling – checked
      - Users – [Check then uncheck these sub levels]
        - Migrated Users
        - Termed Accounts – checked
        - Users – checked
- Click on the AD connection name and choose ‘Edit Connection Filters’ from the dropdown. Add a user filter for userAccountControl ‘Bit on equals’ 2 (this excludes disabled accounts from the import). Click OK
- Review the Forefront Identity Manager client at “C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe”
- Go to User Profile Service Application > Synchronization > Start Profile Synchronization. Perform a full sync. If the profiles are not imported, review the FIM client for errors.
- Assign the AD Replicate Directory Changes permission to the SharePoint account used in the User Profile SA (Farm Admin)
- Reboot the servers if needed.
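
A pre-sync check for the connection settings above, as an added example that is not part of the original post: it confirms that the connection account holds a direct Replicating Directory Changes grant on the domain root and lists the disabled accounts that the userAccountControl filter will exclude. The OU path is a placeholder, and the script assumes the ActiveDirectory RSAT module on a host joined to the synced domain.

```powershell
# Added example (not from the original post): pre-sync checks for the AD connection.
# Assumes the ActiveDirectory RSAT module, run from a host joined to the synced domain.
Import-Module ActiveDirectory

$SyncAccount = 'svdomain\FarmAdmin'   # connection account named on the page
$DomainDN    = (Get-ADDomain).DistinguishedName
# Placeholder OU path (assumption): replace with a container selected in the connection.
$SearchBase  = "OU=Users,OU=Main,$DomainDN"

# 1. Look for a direct Allow ACE granting "Replicating Directory Changes"
#    (control access right DS-Replication-Get-Changes) on the domain root.
#    Rights obtained through group membership are not detected by this check.
$ReplChanges = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$ExtRight    = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$ace = (Get-Acl -Path "AD:\$DomainDN").Access | Where-Object {
    $_.IdentityReference.Value -eq $SyncAccount -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights.HasFlag($ExtRight) -and
    $_.ObjectType -eq $ReplChanges
}

# 2. Preview what the "userAccountControl Bit on equals 2" filter will exclude.
#    Bit 2 is ACCOUNTDISABLE; the OID is the LDAP bitwise-AND matching rule.
$disabled = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
    -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)')
$allUsers = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter *)

# Summary to compare against the profile count after the full sync.
[pscustomobject]@{
    SyncAccount               = $SyncAccount
    HasReplicatingDirChanges  = [bool]$ace
    UsersInScope              = $allUsers.Count
    ExcludedAsDisabled        = $disabled.Count
    UsersRemainingAfterFilter = $allUsers.Count - $disabled.Count
}

# Disabled accounts that should be absent from the profile store after a full sync.
$disabled | Sort-Object SamAccountName | Select-Object SamAccountName, DistinguishedName
```

If `HasReplicatingDirChanges` is false, the grant may still exist through a group; check the domain root's security settings before re-running the full sync.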