A User’s Profile
A user profile is a
collection of data about a person. SharePoint synonymizes the term
“people” with “users”; therefore, user profiles in SharePoint consist
of data about users of the SharePoint platform. When you think about
the profile of a user, you typically think about demographic information—name,
address, phone, e-mail, and so on. SharePoint stores this demographic
data, and more, as fields in the user profile associated with a user in
a SharePoint farm. SharePoint terms these fields “profile properties.”
Users of a SharePoint site may view their
profile at any time by clicking their name either on the top right of
the ribbon (followed by the About Me link), or next to any document or
list item when shown. SharePoint will display a page with main
demographic information, a picture (if you have one in your profile),
and other information about you—such as the About Me description, and
skills. Your profile page also includes an Edit My Profile link,
allowing you to edit your own profile. Figure 1 shows the default profile
for my user identity in my SharePoint 2013 development farm. Notice
that I added a picture to my profile to make it appealing to those
viewing it.
Similar to the way you view your own profile, other users of SharePoint may see your public profile information
by clicking your name where it appears next to list items and documents
in the site. Your association with a user governs how you see his or
her profile. For example, users can set the visibility of their profile
properties to Everyone, Manager, Team, Colleagues, or just themselves.
If you are thinking that user profiles
in SharePoint are very much like user records in Active Directory (or
any other directory system), you are right. Keeping user profile
information in both places may seem like unnecessary work, which is why
Microsoft provided the User Synchronization Service
in SharePoint, so you can populate user profiles in SharePoint with
those in your directory system. User Profile Synchronization now also
allows you to establish bidirectional sync, so
that users may update their profiles in SharePoint and see the changes
reflected in the directory store.
The User Profile Infrastructure
In this section, my aim is to give you some
context for various architectural components that combine to make the
user profile and User Profile Synchronization infrastructure. Figure 2
offers a pictorial overview of the components and provides a logical
view of the services and service applications involved. Following this
infrastructure overview, you will configure a new User Profile Service
and Synchronization in a virgin SharePoint 2013 farm.
Note: Although most deployments of User Profile Synchronization use Active Directory, there is no reason why you cannot configure User Profile Synchronization with another directory store, such as an LDAP service.
The User Profile Service Application
A SharePoint service application exists in a
context similar to that of a SharePoint web application—it resides in
Internet Information Services (IIS) and offers application presence to
other SharePoint and non-SharePoint services on the network. Within
Internet Information Services Manager 7.0 (INETMGR),
expand the SharePoint Web Services application to see a list of IIS
applications, some with GUID names—these are the service applications
hosted on the current server of your farm.
The User Profile Service application is actually a WCF (Windows Communication Foundation) service,
which exposes service endpoints. Other servers in the farm may
leverage the User Profile Service application to access user profile
data.
Administrators may configure multiple User
Profile Service applications in the farm, but only one User Profile
Service application associates with a User Profile Synchronization
SharePoint Service.
The User Profile Service
The User Profile Service is a SharePoint service. Note that a SharePoint service is not the same as a Windows
service. SharePoint services exist only in the SharePoint context and
consist of functionality abstracted into .NET assemblies within the
SharePoint platform and exposed to the administrator in the list of services in the SharePoint farm in Central Administration. Take the following steps to view this list:
- Open Central Administration.
- Click the link Manage Services on Server in the System Settings section.
- Look for the User Profile Service in the list.
Only one server in the SharePoint farm should
have the User Profile Service running, which is the service machine
instance for the User Profile role.
The User Profile Synchronization Service
Like the User Profile Service, the User Profile Synchronization
Service exists as a SharePoint service and lists alongside its sibling
User Profile Service on the server in the farm, delegated as the
service machine instance for the User Profile role. This particular
service provides .NET wrapper functionality to SharePoint, beyond that
provided by the Forefront Identity Manager (discussed next).
Only one server in the farm should run the User
Profile Synchronization Service, typically the same server running the
User Profile Service. This service associates with only one User Profile Service application and accepts credentials under which the FIM operates.
The Forefront Identity Manager (FIM)
SharePoint bundles a lightweight version of
the Forefront Identity Manager application, which has the primary job
of managing user and server identity. The FIM consists of two Windows
services—configured by the User Profile Synchronization Service
SharePoint Service.
Note: The FIM client tool, part of Windows, does not support customizing the FIM
services bundled in SharePoint 2010 and 2013, but it does support
monitoring and troubleshooting.
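The single-server guidance for the User Profile Service and the User Profile Synchronization Service, and the account the FIM services run under, can be checked from PowerShell. This is an added example, not code from the original text. It assumes the SharePoint 2013 Management Shell, a farm administrator account with WMI access to the farm servers, and the Windows service names FIMService and FIMSynchronizationService, which the text above does not give.

```powershell
# Added example: run from the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# SharePoint service instances (not Windows services) for the User Profile role,
# one row per server in the farm.
$upInstances = Get-SPServiceInstance |
    Where-Object { $_.TypeName -like 'User Profile*' } |
    Select-Object TypeName, Status,
        @{ Name = 'Server'; Expression = { $_.Server.Address } }

$upInstances | Sort-Object TypeName, Server | Format-Table -AutoSize | Out-Host

# Flag any User Profile service type that is Online on more than one server.
$online = @($upInstances | Where-Object { $_.Status -eq 'Online' })
foreach ($group in ($online | Group-Object TypeName)) {
    if ($group.Count -gt 1) {
        $servers = ($group.Group | ForEach-Object { $_.Server }) -join ', '
        Write-Warning "$($group.Name) is Online on $($group.Count) servers: $servers"
    }
}

# On each server hosting the synchronization service, list the two FIM Windows
# services with their state and the account they log on as (StartName).
# Service names are an assumption; they are not stated in the text.
$syncServers = $online |
    Where-Object { $_.TypeName -eq 'User Profile Synchronization Service' } |
    ForEach-Object { $_.Server }

foreach ($server in $syncServers) {
    Get-WmiObject -Class Win32_Service -ComputerName $server `
        -Filter "Name='FIMService' OR Name='FIMSynchronizationService'" |
        Select-Object SystemName, Name, State, StartMode, StartName |
        Format-Table -AutoSize | Out-Host
}
```

The StartName column shows which account holds the synchronization credentials at runtime, which is worth comparing against the account you intended to delegate for directory access.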