4.4 Configuring the User Profile Image Export
The following steps illustrate how to
utilize the SharePoint Profile Synchronization method to export a
user’s image to the directory store, such as Active Directory, for
example. This is a common request, because seeing a user’s face helps
facilitate collaboration, especially when the people who are
interacting have not been introduced. Once exported from SharePoint,
the user’s picture can then be used by other applications such as
Outlook. Exporting these images from one source provides consistency
throughout your organization as users interact with people through
e-mail, chat, and in SharePoint. Here are the steps to export the
user’s picture:
1. Ensure that
you are using SharePoint Profile Synchronization to import your profile
data, and that the import is coming from Active Directory or another
LDAP-compliant data source. These steps assume you’re using Active
Directory.
2. The Active
Directory account that is doing the synchronization requires additional
permissions. Follow the same steps outlined at the beginning of the
section, “SharePoint Profile Synchronization,” but this time grant the
Create All Child Objects permission to the account.
3. In Manage User Properties, find the Picture property, hover over the name, and then click Edit.
4. In the Add new mapping section, pick the source data connection that you wish to use.
5. Select thumbnailPhoto as the Attribute that will receive the exported picture.
6. Set the Direction of the mapping to export, and click OK.
7. Run a full synchronization.
When the synchronization has completed, the
Active Directory attribute should contain data for those users who have
uploaded their picture in SharePoint.
NOTE The image might not appear right away in the various Office clients until you close and reopen them.
4.5 Managing User Properties
Property mapping is one of the steps
involved in the profile import or sync process. User properties are
mapped to SharePoint properties, and this constitutes the SharePoint
user profile. User properties are comprised of the attributes or fields
associated with the database of users in the organization. This
information is stored in a directory service, such as Active Directory.
A long list of properties is included and already configured by
default. They are separated into sections for easier viewing and
organization. You can view the properties that are part of the
SharePoint user profile by viewing the Manage User Properties page.
This page, shown in Figure 8,
is accessed from the Manage Profile Service page by clicking the link
in the People section. The Add User Profile Property page is shown in Figure 9.
This page is very similar to the Edit User Profile Property page, which
is accessed by choosing Edit from the drop-down menu of a specific
property.
It is these properties that are mapped to
properties in the user directory, and upon synchronization the
directory property values are assigned to the mapped SharePoint
properties. You can set properties to automatically pull or push data
to the directory service, or you can configure them to be editable by
end users from within their SharePoint My Site. As you configure
property mappings, edit properties, and create new properties, you will
encounter several terms associated with properties. Therefore, as you
view Figure 9, and hopefully in keeping with your own farm setup, it would be useful to review the terminology:
- Property Settings — The property
name is used by the User Profile service to access the specific
property, and it cannot contain any spaces. The display name is the
name of the property that users see. The property type is a field type,
such as a string, a date, or an integer. The different property types
available are shown by selecting the drop-down menu of the Type input
box. Properties can be single or multi-valued, configured to use a
metadata term set, and support multiple languages.
- Sub-Type — These can be used to
more granularly categorize people, such as by a company’s major
divisions or a company’s location. Each profile property can be
selectively added or removed from these subtypes. To create a new
subtype, click the Manage Sub-types button on the Manage User
Properties page. This will take you to the Manage User Sub-type dialog
shown in Figure 10.
After you create a new subtype, it will appear on the Add User Profile
Property page (as Company Location is shown previously in Figure 9).
- Policy Settings — Use this section
to configure whether fields are required optional or disabled, and who
should be able to see them. The privacy setting determines who can view
the property. For example, a property such as Home Phone will most
likely be set up with a default privacy setting of Only Me or My
Manager. If the organization’s policy is to allow end users to modify
the privacy setting, check the box next to “User can override.” When
the default privacy setting is set to Everyone, the property may also
be set as Replicable, which means the property will be propagated to
each site’s user information list. You will learn how to configure
policies for the entire profile service application in the section,
“Managing Policies.” Once configured, these policies are then
applicable to user profile properties.
- Edit Settings — Use this section to
specify whether users should be allowed to edit the value of this
property. For properties that are automatically populated from the
directory service, it is a best practice to choose “Do not allow users
to edit values for this property,” because the value will be
overwritten during the next synchronization.
- Display Settings — If a property is
set as visible to everyone in the policy settings, there will be an
option to Show in the profile properties section of the user’s profile
page. This means that when a user’s My Site profile is being viewed,
this property will be displayed. When Show on the Edit Details page is
enabled, it is available as an editable property when a user clicks
Edit my profile, which is a link located under the user photo on the My
Site. If the Edit Settings section is set to not allow users to edit
the property value, then selecting to Show on the Edit Details page
will not have any effect.
- Search Settings — The Alias setting
is used only for the unique fields associated with each user, such as
Account name, Name, User name, and Work e-mail. Configuring a property
as indexed allows the data to be searched when people search is
utilized.
- Mapped Data — Each property in the
list can be mapped to a specific attribute in another line-of-business
directory service, such as Active Directory. To create a mapping, a
Source Data Connection must be chosen. Then, from within that source,
pick an attribute, which is a field in the user database. Finally,
choose whether to either import this attribute into SharePoint or
export it from SharePoint.
This completes the review of the different
configuration options associated with profile properties. Property
mapping is an important step in the sync configuration process, and
typically the last step prior to the profile sync. The profile sync can
be initiated manually as described previously, but the administrator
should create a sync schedule to ensure that profile sync is occurring
automatically. A sync schedule is created by editing the timer job
responsible for profile sync. This timer job is configured on the Edit
Timer Job page, which is accessed using the Configure Synchronization
Time Job hyperlink on the Manage Profile Service web page.
ACTIVE DIRECTORY ATTRIBUTE NAMES
When mapping attributes from Active
Directory to the profile properties in SharePoint, sometimes it is a
little difficult to discern the correct attribute, simply because the
names don’t necessarily match up. For example, if you were creating a
new profile property called Zip to map to the ZIP Code attribute in Active Directory, it might take you a minute to figure out that Zip is actually called postalCode in the list of SharePoint properties, and there isn’t a need to create a new property called Zip.
You can use ADSI Edit to take a look at the real attribute names:
1. From a
server with the Active Directory domain services role installed, click
Administrative Tools in the Start menu and choose ADSI Edit.
2. Click Action ⇒ Connect to, and type your domain.
3.
Navigate through the Active Directory structure to where the user
objects reside. Right-click a user’s name and choose Properties. Scroll
through the Attribute Editor tab to see the names of the attributes and
the data in them.
