There already exists a lot of installation guides for SharePoint 2010 Beta. So I won’t write a new one ๐ I just want to share some informations how to get some components up and running.
I had the most troubles with the User Profile Service Application. This Service Application sucks data from a User Directories (Active Directory, LDAP, BDC) and provides this informations within SharePoint. You’ll need this user profile data for example for the MySites to show the organization structure, phone numbers and so on.
I assume you already created a User Profile Service Application inside the Central Administration. I will just enlist the troubles I had to get It up and running with the solution which worked for me.
Background-Information: The profile synchronization task is done Microsoft FIM 2010 (Forefront Identity Management).
If the User Profile Service Application Proxy hangs at state “Starting” (Central Admin) and both FIM-Services (services.msc -> Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service) are not started too or have strange or no service accounts entered try the following:
- First of all: If not already done, install the WCF Hotfix KB976462: http://support.microsoft.com/kb/976462/en-us If you build your farm without this hotfix and the services still don’t start you may have to recreate your Farm (I had this case)
- Is the service account a local admin?
- Is there a Windows-Userprofile created for this service account? (Just logon with the service account)
If the FIM Services are running fine (Forefront Identity Manager Service, Forefront Identity Manager Synchronization Service) and both Service Applications are up (User Profile Service Application and User Profile Service Application Proxy) you’re one step closer to success ๐
First of all: Don’t panic when you realize that you can’t edit or delete Synchronization Connections. It IS possible to edit and delete them, but not inside Central Admin (remember, it’s a Beta)
Because the synchronization is handled by FIM it’s the easiest to use its management tools. Run the “Synchronization Service Manager” (“%programfiles%\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe”). Within the tab “Management Agents” you should find three Agents
- ILMMA
- MOSS-<Name of your User Profile Service Application>
- MOSSAD-<Name of your synchronization connection> (If you haven’t created one stop reading and proceed afterwards here)
You can also switch to the “Operations”-Tab. There you’ll find a history of ran jobs and what they did.
Something like that would be our goal:
I think the most information in the screenshot is self-explaining. Basically it’s tell us that a DS_FULLIMPORT ran from Management Agent “MOSSAD-CONNECTION”. It added 11190 AD-Objects to a local “staging area”. If something is wrong you’ll find the information here or on the Management Agents Tab.
In my case the first error was an “Access Denied”. This was because I forgot to grant “Replicating Directory Changes” to the service account. See http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx and http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx
After the change was made I’ve got just success from the tasks, but every import just returned two objects. Hmm. The properties from the “MOSSAD-<CONNNAME>” gave the reason. So right click on this Management Agent -> Properties and switch to “Configure Directory Partition”. There you’ll find your chosen Domain to sync from. Just hit “Containers” and check if the desired OU’s are selected. The selection box inside Central Admin is a little bit “tricky”. In my case the selection of the Domain wasn’t recursive.
Every Management Agent has multiple “Run Profiles” defined. You’ll find them with a right click on the Management Agent -> “Configure Run Profiles”.
MOSSAD-<CONNAME> => Connects to AD
MOSS-<Name of Service Application> => Connects to the User Profile Webservice (http://hostname:port/_vti_bin/ProfileImportExportService.asmx?ApplicationID=<APPID>)
ILMMA => Connects to the Farm Sync-DB
For a Full AD-Import the following Tasks (Management Agent รรรด Run Profile) are running:
- MOSSAD-<CONNNAME> – DS_FULLIMPORT
- MOSS-<Name of Service Application> – MOSS_FULLIMPORT
- MOSSAD-<CONNNAME> – DS_FULLSYNC
- MOSS-<Name of Service Application> – MOSS_FULLSYNC
- MOSS-<Name of Service Application> – MOSS_EXPORT
- MOSSAD-<CONNAME> – DS_EXPORT
I’m not sure what every task exactly does. For my understanding it’s something like:
- Get all AD objects (with a subset of properties) and load them to the temporary staging area in Memory (Connector Space)
- Get all Sharepoint-User Profile Data from the Webservice and load them to the temporary staging area in Memory (Connector Space)
- Syncing all new or updated objects (with the configured attributes) from AD Connector Space to the FIM Metaverse (Farm Sync DB)
- Syncing all new or updated objects (with the configured attributes) from MOSS Connector Space to the FIM Metaverse (Farm Sync DB)
- Push the new or updated data back from the FIM Metaverse to the MOSS Webservice
- Push any changes back to AD (strange?!)
I have no experience with FIM, but that’s a short info I’ve got from Help ๐
Basically if all Tasks ran successful you should have your profiles now available in Central Admin. Easy, isn’t it ๐
BTW: If you accidentally created Synchronization Connections within Central Admin you can delete them with the FIM Synchronization Service Manager. Just delete the unnecessary “MOSSAD-<Name” Management Agents and they will disappear in MOSS as well.
Hope this post was a little helpful. Please let me know if it’s too short or not understandable ๐
Here you’ll find additional informations:
http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx
Leave a Reply