
Configuring Profile Synchronization

In document 20332B-ENU-TrainerHandbook (Page 170-177)

Lab A: Configuring Profile Synchronization and My Sites

Exercise 1: Configuring Profile Synchronization

Scenario

In this exercise, you will configure two-way profile synchronization. You will create service accounts and grant the permissions required to replicate the directory. You will then create an instance of the User Profile Service Application service application and start the required services.

Finally, you will configure the connection to Active Directory and then test the profile synchronization.

The main tasks for this exercise are as follows:

1. Create a service account for the service application

2. Grant the SPFarm account the Replicating Directory Changes permission

3. Grant the SPFarm account local administrator permissions on the SharePoint server

4. Register the service account as a SharePoint managed account

5. Create a new User Profile Service Application application instance

6. Configure the User Profile Synchronization Service Application application instance to support NetBIOS domain names

7. Start the User Profile Synchronization Service service

8. Configure a connection to Active Directory

9. Configure profile synchronization

10. Test profile synchronization

MCT USE ONL Y. STUDENT USE PROHIBITED

Advanced Solutions of Microsoft SharePoint Server 2013 5-29

Task 1: Create a service account for the service application

• Start the 20332B-NYC-DC-05 virtual machine. Wait for the virtual machine to display the logon screen, and then wait a further five minutes before you proceed to the next step.

• Start the 20332B-NYC-DB-05 virtual machine. Wait for the virtual machine to display the logon screen before you continue.

• Start the 20332B-NYC-SP-05 virtual machine. Wait for the virtual machine to display the logon screen before you continue.

• Log on to the 20332B-NYC-DC-05 machine as [email protected] with the password Pa$$w0rd.

• Start Active Directory Administrative Center.

• Create a new user with the following details:

Property                      Setting
Full name                     Profile Service
UPN logon                     [email protected]
SAM Account Name logon        Contoso\ProfileService
Password                      Pa$$w0rd
Password never expires        Selected
User cannot change password   Selected

Task 2: Grant the SPFarm account the Replicating Directory Changes permission

• View the properties for the Contoso domain.

• Grant the Replicating Directory Changes permission to the SPFarm user account.

• Use ADSI Edit to grant the Replicating Directory Changes permission, on the cn=configuration container, to the SPFarm account.
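To confirm the Task 2 grants, the following added example (not part of the course material) reads the ACLs on the domain and configuration naming contexts and lists every principal that holds a replication extended right there. It assumes the ActiveDirectory PowerShell module is available where it runs; the variable names are illustrative.

```powershell
# Added example: audit replication extended rights after Task 2.
# Assumes the ActiveDirectory module (RSAT) is installed; run as a domain user
# that can read the security descriptors of the naming contexts.
Import-Module ActiveDirectory

# Control access right GUIDs defined in the AD schema.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# The lab grants the right on the domain and on cn=configuration.
$root     = Get-ADRootDSE
$contexts = @($root.defaultNamingContext, $root.configurationNamingContext)

$report = foreach ($dn in $contexts) {
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object {
            ($_.AccessControlType -eq 'Allow') -and
            (($_.ActiveDirectoryRights -band $extended) -ne 0) -and
            $rights.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            [pscustomobject]@{
                NamingContext = $dn
                Principal     = $_.IdentityReference.Value
                Right         = $rights[$_.ObjectType.ToString()]
                Inherited     = $_.IsInherited
            }
        }
}

# Full list, so unexpected holders of the right are visible as well.
$report | Sort-Object NamingContext, Principal | Format-Table -AutoSize

# The lab expects CONTOSO\SPFarm on both naming contexts, with the plain
# 'Replicating Directory Changes' right only.
$spFarm = @($report | Where-Object { $_.Principal -eq 'CONTOSO\SPFarm' })
"SPFarm entries found: $($spFarm.Count) (expected one per naming context)"
```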

Task 3: Grant the SPFarm account local administrator permissions on the SharePoint server

• Log on to the 20332B-NYC-SP-05 machine as [email protected] with the password Pa$$w0rd.

• Open the Local Users and Groups Microsoft Management Console (MMC) plugin.

• Add the CONTOSO\SPFarm user account to the local Administrators group.

Note: When you start the User Profile Synchronization Service service, the SharePoint Timer Service Windows service performs several steps to provision the service. To complete these steps, the service requires various permissions, including permissions to log on locally. These permissions are granted to local administrators. The SharePoint Timer Service Windows service runs under the SPFarm account; however, you must restart the service to ensure the process has the administrative privileges you granted in the previous step.


5-30 Connecting People

• Open the Services MMC plug-in.

• Restart the SharePoint Timer Service Windows service.

Task 4: Register the service account as a SharePoint managed account

• Open the Central Administration website.

• Navigate to the Managed Accounts page.

• Register the CONTOSO\ProfileService account that you created in the previous tasks as a managed account.

Task 5: Create a new User Profile Service Application application instance

• Browse to the Manage Service Applications page.

• Create a new instance of the User Profile Service Application service application with the following properties:

Property                               Setting
Name                                   Contoso UPSA
Application pool name                  ContosoUPSAAppPool
Application pool service account       CONTOSO\ProfileService

• Verify that the service application and a corresponding service application proxy are added to the list of service applications.

Task 6: Configure the User Profile Synchronization Service Application application instance to support NetBIOS domain names

• Use the Get-SPServiceApplication cmdlet in PowerShell to instantiate a variable named $upsa. Use a where filter to locate the User Profile Synchronization Service Application application.

• Set the NetBiosDomainNamesEnabled property of the $upsa object to true.

• Call the Update method on the $upsa object to make the change permanent.
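The three steps of Task 6 as one script, given here as an added example that is not part of the course material. It assumes the SharePoint 2013 Management Shell on the SharePoint server and the service application name Contoso UPSA from Task 5; the TypeName filter pattern and the $check variable are assumptions of this example.

```powershell
# Added example for Task 6. Run as a farm administrator on the SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Locate the service application created in Task 5. Filtering on both the
# type and the display name avoids updating a different service application.
$found = @(Get-SPServiceApplication | Where-Object {
    $_.TypeName -like 'User Profile*' -and $_.DisplayName -eq 'Contoso UPSA'
})
if ($found.Count -ne 1) {
    throw "Expected exactly one User Profile service application, found $($found.Count)."
}
$upsa = $found[0]

"Before: NetBiosDomainNamesEnabled = $($upsa.NetBiosDomainNamesEnabled)"

# Set the property, then persist it; without Update() the change is lost
# when the session ends.
$upsa.NetBiosDomainNamesEnabled = $true
$upsa.Update()

# Re-read the object by its Id to confirm that the stored value changed.
$check = Get-SPServiceApplication -Identity $upsa.Id
"After:  NetBiosDomainNamesEnabled = $($check.NetBiosDomainNamesEnabled)"
```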

Task 7: Start the User Profile Synchronization Service service

• On the Central Administration website, browse to the Services on Server page.

• Start the User Profile Service, if it is not already started.

• Start the User Profile Synchronization Service service, by specifying the Contoso UPSA user profile application and the password Pa$$w0rd for the SPFarm user account.

• Verify that the service starts successfully. You will need to refresh the page to update the status and the service may take some time to start.

Note: If the service does not start after 10 minutes then it is likely that you have a configuration error. You must use PowerShell to stop the service and then correct the error.

You can use the following PowerShell script to stop the User Profile Synchronization Service:

Get-SPServiceInstance | where {$_.DisplayName -like "user*"} | Stop-SPServiceInstance


Task 8: Configure a connection to Active Directory

• Browse to the Manage Service Applications page.

• Browse to the application management page for the Contoso UPSA service application.

• View the synchronization settings, and verify that the service is configured to synchronize users and groups, and that SharePoint profile synchronization should be used.

• Create a new synchronization connection with the following properties:

Property                    Setting
Connection name             Contoso Domain
Type                        Active Directory
Forest name                 contoso.com
Domain controller           Auto-discover
Account name                CONTOSO\SPFarm
Password                    Pa$$w0rd
Containers to synchronize   All

Task 9: Configure profile synchronization

• Browse to the application management page for the Contoso UPSA service application.

• Enable the synchronization timer job. Accept the default schedule.

• Browse to the application management page for the Contoso UPSA service application, and then start a full profile synchronization. Wait for the synchronization to complete before continuing.

Task 10: Test profile synchronization

• Browse to the Manage User Profiles page.

• View the user profile for the CONTOSO\Jim user account.

Note: Some fields will display error messages. This is expected because you have not configured all of the social features in SharePoint 2013 to support these fields.

Results: After completing this exercise, you should have configured two-way profile synchronization.


Exercise 2: Configuring My Sites

Scenario

In this exercise, you will configure My Sites. You will create a new web application to host the My Sites.

You will also create a new service account for this web application, which you will register as a SharePoint managed account, and you will configure DNS.

You will then create a My Site Host site collection in the new web application. After you create the My Site Host site collection, you will configure the My Site settings in the User Profile Service Application instance and complete the configuration.

Finally, you will test My Site creation.

The main tasks for this exercise are as follows:

1. Configure a DNS record for the My Site web application

2. Create a service account for the My Sites web application application pool

3. Register the service account as a SharePoint managed account

4. Create and configure a new web application to host My Sites

5. Create a My Site host site collection

6. Enable Self-Service Site Creation for the My Site host web application

7. Configure My Site settings for the User Profile Service Application service application instance

8. Enable the User Profile Service Application - Activity Feed Job timer job

9. Test My Site creation by using a non-administrative user account

Task 1: Configure a DNS record for the My Site web application

• Switch to the 20332B-NYC-DC-05 virtual machine. If you are not already logged on, log on as [email protected] with the password Pa$$w0rd.

• Open DNS Manager.

• Add a new host record to the Contoso.com forward lookup zone with the following properties:

Property     Setting
Name         mysites
IP address   172.16.1.21

Task 2: Create a service account for the My Sites web application application pool

• Start Active Directory Administrative Center.

• Create a new user with the following details:

Property                      Setting
Full name                     My Sites Application Pool
UPN logon                     [email protected]
SAM Account Name logon        Contoso\MySitesAppPool
Password                      Pa$$w0rd
Password never expires        Selected
User cannot change password   Selected

Task 3: Register the service account as a SharePoint managed account

• Switch to the 20332B-NYC-SP-05 virtual machine. If you are not already logged on, log on as [email protected] with the password Pa$$w0rd.

• Open the Central Administration website.

• Navigate to the Managed Accounts page.

• Register the CONTOSO\MySitesAppPool account that you created in the previous task as a managed account.

Task 4: Create and configure a new web application to host My Sites

• Create a new web application with the following properties:

Property                            Setting
IIS web site name                   MySites - 80
Port                                80
Host header                         mysites.contoso.com
Application pool name               SharePointMySites - 80
Application pool security account   CONTOSO\MySitesAppPool
All other settings                  Accept default setting

• Add a managed path named personal to the mysites.contoso.com web application.

Task 5: Create a My Site host site collection

• Use the Central Administration website to create a new top-level site collection in the mysites.contoso.com web application with the following properties:

Property                                Setting
Title                                   MySite Host
URL                                     http://mysites.contoso.com
Template                                My Site Host
Primary site collection administrator   CONTOSO\Administrator

Task 6: Enable Self-Service Site Creation for the My Site host web application

• On the Central Administration website, browse to the Web Application Management page.

• Enable self-service site creation for the MySites - 80 web application with default settings.

Task 7: Configure My Site settings for the User Profile Service Application service application instance

• Browse to the service application management page for the Contoso UPSA service application.

• Configure the My Site settings for the Contoso UPSA user profile service application by using the following properties:

Property                Setting
My Site host location   http://mysites.contoso.com
All other settings      Leave blank or accept the default setting

Task 8: Enable the User Profile Service Application - Activity Feed Job timer job

• Browse to the Timer Jobs page.

• Enable the Activity Feed Job timer job associated with the Contoso UPSA service application.

Task 9: Test My Site creation by using a non-administrative user account

• Switch to the 20332B-NYC-DB-05 virtual machine and log on as [email protected] with the password Pa$$w0rd.

• Open Internet Explorer and navigate to the http://sharepoint.contoso.com site. Log on as [email protected] with the password Pa$$w0rd.

• On the SharePoint site, browse to the user’s My Site. Log on as [email protected] with the password Pa$$w0rd.

Results: After completing this exercise, you should have configured My Sites and tested My Site creation for a non-administrative user.


Lesson 3
