Creating the User Profile Service Application
The following steps assume that you have
completed the steps in the previous section to establish managed
service accounts. This is very important; failure to establish correct
accounts and permissions affects the steps in this and following
subsections. Assuming that you have completed the prior steps with no
errors, or issues, follow these steps to provision the User Profile
Service application:
- Open Central Administration.
- Click the Application Management link.
- Click the Manage Service Applications link.
- Make sure no other User Profile Service application or proxy exists in the list. If there are any, delete them.
- From the ribbon, click the New icon and then select User Profile Service Application from the list.
- Give the new service application a name, such as User Profile Service Application.
- Create a new application pool for the application and use the DOMAIN\spservices account.
- Check the names of the three databases—Profile, Sync, and Social.
Either leave the default names, or change them to your desired names.
- Enter the My Site Host application (the form will validate this entry).
- Select the managed path and site name scheme.
- Leave the proxy setting as is.
- Click the Create button and wait while SharePoint creates the User Profile Service application.
- If the NetBIOS name is different from the Fully Qualified Domain
Name, configure the service application with the following PowerShell
script:
$upssa = Get-SpServiceAplication -Id <Guid of the User Profile Service Application>
$upssa.NetBIOSDomainNamesEnabled = 1
$upssa.Update()
You should now have a working User Profile
Service application and proxy in your farm (you may need to refresh the
Managed Services List page). The next section details the steps for
starting the necessary SharePoint services for User Profile
Synchronization.
Starting the Services
At this point, you should have completed the
steps in the previous sections and have a working User Profile Service
application and proxy. Take the following steps to start the User
Profile Service and User Profile Sync Service SharePoint Services:
- Add the DOMAIN\spfarm account to the Administrators group on the server running FIM/UPS (you can remove this account from the group later).
- Perform an IISRESET and reset the SharePoint timer service.
- Open Central Administration.
- Click the System Settings section title link.
- Click the Manage Services on Server link.
- If not already started, start the User Profile Service, which requires no options.
- Start the User Profile Sync Service (see Figure 2).
- Select the User Profile Service Application in the drop-down.
- Enter the farm password and click OK (Yes, the account is hard coded to the farm account, which is less than ideal.).
- Wait. The status of the service will appear as Starting. Do not be
alarmed if the status remains in the Starting state for 10 minutes or
longer, as SharePoint is doing a lot of work to configure FIM.
- While you wait, open the services control panel (SERVICES.msc).
- You should see two Forefront Identity services in the list. The User Profile Sync Service starts these services. Do not be tempted to start these services yourself—this will break User Profile Synchronization in SharePoint.
- Once the User Profile Sync Service has started, remove the DOMAIN\spfarm account from the administrators group on the FIM/UPS server.
- Perform an IISRESET and reset the SharePoint timer service.
- If you have a named instance of SQL, you may need to allow inbound connections to MSDTC on the server running FIM.
If all has gone according to plan and
you have a green Started status next to both your User Profile Service
and User Profile Sync Service in your Services list, give yourself a
pat on the back—if something goes wrong, it typically happens before
now.
