• SharePoint 2010 User Profile Service: Part 1a Configuration

    I wanted to write a series about how to get SharePoint 2010 user profiles service and synchronization scenario working. So this is the first post of this series and I will talk about the configuration alternatives of the user profiles service. The user profile service can be configured either on a single server installation or in a server farm. Although it can be installed on a single server installation this is not the supported production environment scenario.

    If you are installing on a server that also hosts the domain controller, remember not to use the FQDN for the SQL server name when you initially configure SharePoint. If you have already done so, you can roll this back by disconnecting the server from the farm and reconnecting it, this time giving just the machine name as the SQL server name.

    If you are using a named SQL instance then you MUST configure an alias for SQL. To do this we should run the SQL Server Client Network Utility (which is installed on every SharePoint machine).

    1. Start… Run…
    2. Type cliconfg and click OK.
    3. Click TCP/IP and then the Enable >> button.
    4. Click the Alias tab.
    5. Click the Add button.
    6. Select the TCP/IP radio button.
    7. Enter the alias you wish to use (e.g. SHAREPOINT) in the Server alias text box.
    8. Enter the address of your instance (e.g. SQL1\SHAREPOINT) in the Server name text box.
    9. Deselect the Dynamically determine port check box.
    10. Enter the port of your instance (e.g. 1433) in the Port number text box.
    11. Click OK to save the alias.
    12. Click OK to save the configuration and close SQL Server Client Network Utility.

    Once we have an alias we can create our farm using it. However there is also another step necessary for reliable startup of the UPS service instance. Basically what happens is that we can provision UPS, but when we restart the machine (for example after patching the box) the UPS services will fail to start. We should configure this before starting the UPS service instance for the first time to avoid the issue completely.

    We need to open up network access to the Local DTC on the machine hosting the UPS Service Instance, which is done using the Component Services MMC Snap In:

    1. Start… Administrative Tools… Component Services.
    2. Expand Component Services > Computers > My Computer > Distributed Transaction Coordinator.
    3. Right click Local DTC and choose Properties.
    4. Click the Security tab.
    5. Check the Network DTC Access check box and the Allow Remote Clients check box.
    6. Click OK.
    7. You will be prompted to restart MSDTC, click Yes.
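    The two prerequisites above (the SQL alias that cliconfg writes and the Local DTC network access settings from Component Services) applied through the registry, with a connection test that proves the alias resolves before the farm is created. This is an added example, not code from the original post; it assumes the alias SHAREPOINT pointing at SQL1\SHAREPOINT on port 1433, 64-bit SharePoint 2010, and a local administrator session on the SharePoint server.

```powershell
# Added example (not from the original post). Assumptions: alias SHAREPOINT ->
# SQL1\SHAREPOINT on TCP 1433, run elevated on the SharePoint server.
$Alias    = 'SHAREPOINT'        # assumption: alias name used when creating the farm
$Instance = 'SQL1\SHAREPOINT'   # assumption: named instance behind the alias
$Port     = 1433                # assumption: fixed port of that instance (no dynamic port)

# cliconfg stores a REG_SZ "DBMSSOCN,<server>,<port>" under ConnectTo
# (DBMSSOCN = TCP/IP). Write both the 64-bit and the 32-bit (Wow6432Node) views
# so that every SQL client library on the box resolves the alias the same way.
$connectToKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
)
foreach ($key in $connectToKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Alias -PropertyType String `
        -Value "DBMSSOCN,$Instance,$Port" -Force | Out-Null
}

# Verify the alias with a real connection: SqlClient honours ConnectTo, so a
# failure here surfaces the problem now rather than during farm creation.
$conn = New-Object System.Data.SqlClient.SqlConnection `
    "Server=$Alias;Integrated Security=SSPI;Connect Timeout=10"
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT @@SERVERNAME'
    "Alias $Alias resolves to instance {0}" -f $cmd.ExecuteScalar()
} finally {
    $conn.Close()
}

# Local DTC: exactly the two boxes the post ticks on the Security tab,
# "Network DTC Access" and "Allow Remote Clients". Inbound/outbound
# transaction settings are left untouched.
$dtcKey = 'HKLM:\SOFTWARE\Microsoft\MSDTC\Security'
Set-ItemProperty -Path $dtcKey -Name NetworkDtcAccess        -Value 1 -Type DWord
Set-ItemProperty -Path $dtcKey -Name NetworkDtcAccessClients -Value 1 -Type DWord

# The MMC prompts to restart MSDTC; do the same so the new settings take effect.
Restart-Service -Name MSDTC -Force
Get-ItemProperty -Path $dtcKey | Select-Object NetworkDtcAccess, NetworkDtcAccessClients
```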

    Now we can provision UPS and it will start reliably following a machine restart.

    First: Single Server Installation

    1. Log on to the server using the farm account; the same account will be used later for the User Profile Synchronization service. This account should be a local machine administrator and should already have access to the SQL server. If you are using the domain administrator as the farm administrator, skip to step 4.
    2. Give the account the Log on locally right on the server.
    3. Give the account the Replicating Directory Changes permission on the domain controller.
    4. Open the Central Administration site.
    5. For a farm it is not recommended to use the wizard, but for a single server install it can be used. Click on the link Configuration Wizards.
    6. Click on the link “Launch the farm configuration wizard”.
    7. Click on the button “Start the Wizard”.
    8. Make sure that the “User Profile Service Application” is selected and make sure you are selecting the managed account you will be using for profile synchronization service later. (The same account you already used to logon to the server in step 1)
    9. Click “Next”.
    10. Once this process finishes just click skip for creating the initial site collection. And click “Finish” to complete the Wizard.
    11. Now the user profile service application is configured but we still need to make sure it is running and then configure the synchronization service.
    12. Return to the home screen of Central Administration and make sure the UPS is running on the server by clicking the link “Manage services on server”.
      If it is not started, start it by clicking Start.
    13. Now while you are on the same screen, start the user profiles synchronization service by clicking start.
    14. Now you will have to wait and I mean really wait. It might take from 5 minutes and up to 30 minutes to be provisioned and started. You can still monitor that it is running by looking in the running timer jobs for a job called “UserProfileSyncronizationSetup”.
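    The permission step (step 3) and the service instance checks (steps 12 to 14) of the single-server procedure above as SharePoint 2010 Management Shell commands, polling the synchronization service instead of guessing when it is done. This is an added example, not code from the original post; it assumes the farm/sync account CONTOSO\spfarm, the domain DC=contoso,DC=com, the dsacls tool (AD DS / RSAT tools) on the box, and a farm administrator session. Step 13 stays in Central Administration, because starting the synchronization service there prompts for the account password.

```powershell
# Added example (not from the original post). Assumptions: CONTOSO\spfarm is the
# farm and sync account, the domain naming context is DC=contoso,DC=com.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$FarmAccount = 'CONTOSO\spfarm'      # assumption
$DomainDn    = 'DC=contoso,DC=com'   # assumption

# Step 3: grant Replicating Directory Changes on the domain naming context.
# "CA" in the dsacls grant string means a control access (extended) right.
dsacls $DomainDn /G "${FarmAccount}:CA;Replicating Directory Changes"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

function Get-LocalServiceInstance([string]$TypeName) {
    # Service instances exist once per server; pick the one on this machine.
    Get-SPServiceInstance | Where-Object {
        $_.TypeName -eq $TypeName -and $_.Server.Address -eq $env:COMPUTERNAME
    }
}

# Step 12: the User Profile Service must be Online before the sync service is started.
$ups = Get-LocalServiceInstance 'User Profile Service'
if ($ups.Status -ne 'Online') {
    Start-SPServiceInstance -Identity $ups.Id | Out-Null
}

# Step 14: after starting the sync service in Central Administration (step 13),
# poll its status; the post says this can take 5 to 30 minutes.
$deadline = (Get-Date).AddMinutes(30)
$sync = Get-LocalServiceInstance 'User Profile Synchronization Service'
while ($sync.Status -ne 'Online' -and (Get-Date) -lt $deadline) {
    "{0:HH:mm:ss}  sync service status: {1}" -f (Get-Date), $sync.Status
    Start-Sleep -Seconds 60
    $sync = Get-LocalServiceInstance 'User Profile Synchronization Service'
}
if ($sync.Status -ne 'Online') {
    throw "Sync service still $($sync.Status) after 30 minutes; check the ULS log and the Forefront Identity Manager services"
}
'User Profile Synchronization Service is Online'
```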

    In the next post I will discuss how to configure this on a farm.

  • Using a custom user profile property for people search results scopes

    The scenario is simple: you have configured people search and allowed it to search using a custom metadata property that is populated into the user profiles from an external system such as a BCS system. For this post I assume that the user profile synchronization is up and running, that we added an extra profile property, for example SubDepartment, from an external system, and that people search is already configured. So here are the steps.

    1- Make sure that the “Managed Metadata Service” is provisioned and running before you perform this procedure.

    2- Once the initial full synchronization is completed, check that the custom property is populated into the user profiles as expected.

    3- Open the SharePoint central administration web site.

    4- Create a new metadata property pointing to your custom user profile property.
    Click “Metadata Properties”
    Click “Add Mapping”
    Select “People:SubDepartment” (this is the crawled property, and you will never find it until you perform the initial full crawl of the user profiles) and then OK
    Check “Allow this property to be used in scopes”

    5- Once this is done and this is a very important step RUN ANOTHER INCREMENTAL CRAWL.

    6- Now open your search center and select people search and search for anything just to display the results page.

    Edit this page and then edit the Refinement Panel web part.
    Enter the following text
    <Category Title="SubDepartment" Description="Use this filter to restrict results to a specific organization" Type="Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator" MetadataThreshold="1" NumberOfFiltersToDisplay="4" MaxNumberOfFilters="50" SortBy="Frequency" SortDirection="Descending" SortByForMoreFilters="Name" SortDirectionForMoreFilters="Ascending" ShowMoreLink="True" MappedProperty="SubDepartment" MoreLinkText="show more" LessLinkText="show fewer"/>

    7- Uncheck the "Use Default Configuration" check box.

    8- Click OK twice; the user will now have the capability to restrict the results depending on the SubDepartment of the employee.

    Happy SharePointing!

  • SharePoint 2010 People Search using Metadata

    The scenario is simple; what you want is to configure people search and allow that to search using a custom metadata property that is being populated into the user profiles from an external system like a BCS system. I will dedicate several posts for configuring the user profiles service and synchronization from an external source. But for this post I assume that the user profiles synchronization is up and running and that we added an extra profile property for example employee ID from an external system. So here are the steps.

    1. Make sure that the “Managed Metadata Service” is provisioned and running before you perform this procedure.
    2. Once the initial full synchronization is completed, check that the custom property is populated into the user profiles as expected.
    3. Open the SharePoint central administration web site.
    4. Create a new content source for your user profiles.
      Select your configured search application.
      Click Manage.
      Fill in the required fields; note that the start address is the My Site host URL written with the special sps3 protocol.
      Create schedules as required.
      Select the full crawl check box (you can do that later if you want).
      Click OK.
    5. Keep refreshing the content sources page until the crawl has finished.
    6. Create a new metadata property pointing to your custom user profile property.
      Click “Metadata Properties”
      Click “Add Mapping”
      Select “People:EmployeeID” (this is the crawled property, and you will never find it until you perform the initial full crawl of the user profiles) and then OK
    7. Once this is done and this is a very important step RUN ANOTHER INCREMENTAL CRAWL.
    8. Open the search center where you want users to use the new metadata property; now we will customize the People search page to add the new managed property.
      Click the “People” link.
      Click on Site Actions and then Edit Page.
      Open the search box web part properties.
      Now in this window add a new line like this:
      <Property Name="EmployeeID" ManagedName="EmployeeID" ProfileURI="urn:schemas-microsoft-com:sharepoint:portal:profile:EmployeeID"/>
      Click OK twice.
      Now when you click on Search Options you see the new field, and if you enter any employee ID in the designated section you get the matching results. Please note the query format.

    So now your users are able to search for a user profile using their HR system employee ID.
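    The content source, crawled-to-managed property mapping and the two crawls that both people search posts above walk through in Central Administration (steps 4 to 7 of this post, steps 4 and 5 of the SubDepartment refiner post), as SharePoint 2010 Management Shell cmdlets. This is an added example, not code from the original posts; it assumes one Search Service Application in the farm, the My Site host https://mysites.contoso.com, and the profile property EmployeeID (set $PropertyName to SubDepartment for the refiner post).

```powershell
# Added example (not from the original posts). Assumptions: a single Search
# Service Application, My Site host https://mysites.contoso.com, profile
# property EmployeeID (or SubDepartment).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$PropertyName = 'EmployeeID'                    # assumption: profile property to expose
$MySiteHost   = 'https://mysites.contoso.com'   # assumption: My Site host URL
$ssa = Get-SPEnterpriseSearchServiceApplication

# Profile content source: the start address is the My Site host with the
# sps3:// protocol (sps3s:// when the host is on HTTPS).
$startAddress = $MySiteHost -replace '^https://', 'sps3s://' -replace '^http://', 'sps3://'
$cs = Get-SPEnterpriseSearchCrawlContentSource -SearchApplication $ssa |
      Where-Object { $_.Name -eq 'People' }
if (-not $cs) {
    $cs = New-SPEnterpriseSearchCrawlContentSource -SearchApplication $ssa `
            -Type SharePoint -Name 'People' -StartAddresses $startAddress
    $cs.StartFullCrawl()
}

# The crawled property People:<name> only exists after the profiles have been
# crawled once, so wait for the crawl to return to Idle before mapping it.
while ($cs.CrawlStatus -ne 'Idle') {
    "{0:HH:mm:ss} crawl status: {1}" -f (Get-Date), $cs.CrawlStatus
    Start-Sleep -Seconds 30
    $cs = Get-SPEnterpriseSearchCrawlContentSource -SearchApplication $ssa -Identity $cs.Id
}

$crawled = Get-SPEnterpriseSearchMetadataCrawledProperty -SearchApplication $ssa `
             -Name "People:$PropertyName"
if (-not $crawled) { throw "Crawled property People:$PropertyName not found; run a full crawl of the profiles first" }

# Managed property of type Text (1) mapped to the crawled property. Run once:
# New-SPEnterpriseSearchMetadataMapping errors if the same mapping already exists.
$managed = Get-SPEnterpriseSearchMetadataManagedProperty -SearchApplication $ssa `
             -Identity $PropertyName -ErrorAction SilentlyContinue
if (-not $managed) {
    $managed = New-SPEnterpriseSearchMetadataManagedProperty -SearchApplication $ssa `
                 -Name $PropertyName -Type 1
}
New-SPEnterpriseSearchMetadataMapping -SearchApplication $ssa `
    -ManagedProperty $managed -CrawledProperty $crawled | Out-Null

# "Allow this property to be used in scopes" (required for the refiner post).
$managed.EnabledForScoping = $true
$managed.Update()

# The "very important step" in both posts: another incremental crawl, so that
# the new mapping is applied to the indexed profiles.
$cs.StartIncrementalCrawl()
```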

    Please note one thing: if you want to localize the name of the property, you will have to change the field name in this line to whatever you want.

    <Property Name="EmployeeID" ManagedName="EmployeeID" ProfileURI="urn:schemas-microsoft-com:sharepoint:portal:profile:EmployeeID"/>

    Happy SharePointing!

  • Exchange 2010 SP1 Hosting – Part 1 “Overview”

    In this series of posts I will go through Exchange 2010 SP1 Hosting details, starting from Overview, Deployment, Migration, Multi-Tenant, etc.

    Microsoft Exchange Server 2010 SP1 supports hosting deployments and provides Hosting Partners the core feature-set of Exchange Server in a manner that can be deployed to multiple customers in a single installation, and provides ease of management and flexibility of provided features to end-users.

    The hosting solution available for Exchange 2010 SP1 includes most of the features and functionality available in Exchange 2010 SP1 Enterprise deployments, but also includes features and functionality that will allow hosters to create and manage tenant organizations; however Exchange 2010 SP1 doesn't support the following features in Hosting mode:

    • Exchange Management Console
    • Public Folders
    • Unified Messaging Server role
    • Federation
    • Business-to-Business features such as cross-premises message tracking and calendar sharing
    • IRM (Information Rights Management)
    • Outlook 2003 support (EnableLegacyOutlook)
    • Edge Transport Server role

    Exchange Server 2010 SP1 Hosting supports the following three separate server roles required to perform the tasks of a carrier-class messaging system:

    • Client Access Servers (CAS) - Support the traditional components such as Post Office Protocol 3 (POP3) and Internet Message Access Protocol 4 (IMAP4), Exchange ActiveSync®, Microsoft Outlook Web App, and Outlook Anywhere
    • Hub Transport Servers (Hub) - Perform the internal message transfer, distribution list expansions, and message conversions between Internet mail and Exchange Server message formats
    • Mailbox Servers (MBX) - Maintain mailbox store databases, with high availability provided by Database Access Groups (DAGs)

    Flexible System Scaling Approach

    Although it is technically possible to combine multiple Exchange 2010 server roles onto a single physical or virtual server, one of the goals of this Exchange 2010 SP1 Hosting architecture is to recommend against combining server roles. By implementing a single-role server deployment methodology, service providers can designate server hardware more accurately according to specific tasks, and increase the capacity of the messaging environment selectively, according to specific demands and changing trends. For example, as demand for mobile messaging services continues to grow, service providers can increase the number of Client Access servers without affecting other areas of the messaging environment.

    Role-Specific Load Balancing, Fault Tolerance and High Availability

    Different server roles support different techniques and architectures for load balancing and fault tolerance. For example, if multiple Hub Transport servers exist in the same Active Directory® site, Exchange Server 2010 balances the message traffic automatically between these servers, whereas Mailbox servers are not load-balanced in the same way. Redundant copies of mailbox databases can be replicated across multiple servers arranged into Database Availability Groups (DAGs) to achieve fault tolerance.

    The table below shows the load balancing technology per server role that service providers should use in a production environment to implement high availability and fault tolerance.

    Server Role      Load Balancing Technology
    Mailbox          Exchange Database Availability Groups (DAGs)
    Hub Transport    Automatic load balancing through Mail Submission Service; hardware load balancing for incoming mail connectivity
    Client Access    Hardware load balancing

    Exchange 2010 Database Availability Group (DAG)

    The new concept of the Database Availability Group (DAG) is an exciting Exchange 2010 technology that brings low-cost high availability without a costly SAN infrastructure.

    Microsoft Exchange Server 2010 clients connect to Client Access Servers, which proxy the requests to the Mailbox servers. No more LCR, SCR, or CCR: DAG (or “Super CCR”) uses low-cost DAS storage to leverage a “RAID 5”-like striping of databases across multiple servers. Client Access Servers (set in load-balanced server farms) provide primary HTTP and a new “distributed RPC endpoint” for Office 2010, and an Office 2007 emulation of a “standard Exchange mailbox server” without needing to upgrade the clients.

    Since clients connect to the CAS servers, which proxy requests to the Mailbox servers, failover from one Mailbox server to another in the DAG happens in less than 30 seconds, whether triggered by a failure or by a move command.

    Some other notable highlights in Exchange 2010 database and HA architecture:

    • Replication between databases changes from an RPC method to a TCP socket method, which increases performance on heavily loaded servers.
    • Replication can be local or remote (cross-subnet). You will, however, need CAS servers at the DR site if you lose the primary datacenter.
    • You can have up to 16 Mailbox servers in a DAG.
    • There is no integration with Microsoft Online at the DAG level. Microsoft Online cannot be used as a DR site for an on-premise hosted mailbox. Either it’s on-premise or hosted, not a mixture of the two.
    • You still need Windows Server 2008 Enterprise, as the failover clustering feature is required.
    • The concept of Storage Groups is deprecated.
    • Jet is still the storage engine for Exchange 2010 databases.
    • Exchange I/O has been reduced 50% from 2007 to 2010 (on top of the 70% I/O reduction from Exchange 2003 to 2007).
    • Single Instance Storage is going away, as well as the per-database table. A new table is created for each mailbox, which makes 10,000+ messages in a mailbox practical thanks to the sequential read capability.
    • Server-based PST files allow archiving with anywhere access. This helps with e-discovery, OWA searches, and compliance management.

    In the next post I will go through Exchange 2010 SP1 Hosting description.


  • New Windows 2008 / 2008 R2 Group Policy Preferences

    I found that it is very important to know what is new in Windows 2008 and Windows 2008 R2 Group Policy Preferences, that is why I shared this information that I collected from Microsoft Documentation.

    With the release of Windows Server 2008 additional GPO functionality has been included in the operating system for the configuration and management of Group Policy Preferences. These preferences will apply to Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. If Group Policy Preferences are to be used on an operating system earlier than Windows Vista SP1 or Windows Server 2008, then a download and installation of the Client Side Extension option will be required in order for the preferences to be processed by the client.

    The use of Group Policy Preferences (GPP) allows for settings to be applied to a computer as well as allowing the local user to change the settings at a later date. GPP have also been designed to help replace the more complex tasks of drive mapping and environment variable setups without the need for complex logon scripts. An additional feature also allows for “item-level targeting” which as the name suggests allows you to set very granular filters on individual policy items within a GPO, note this is only for GPP options. There are 27 filter criteria that can be used to control each individual item. An example of this usage might be for the generic GPO to have some tightly controlled settings set within the normal policy, for a given OU, however additional options could then be targeted at specific computers allowing additional configuration to take place.

    The configurable features in GPP are directed at Users and Computers; although most apply to both, there are instances where a feature applies to only one type:

    · Environment – The environment extension is per-computer and per-user and lets you configure both system and user environment variables (e.g. %temp%) on a given target system. Note that with all GPP settings, you can choose different actions for this extension. You can create a new environment variable, update or replace an existing one, or delete an existing one.

    · Files – Both a per-computer and per-user extension that lets you distribute files to your end-user computers or users. For example, you might use this to distribute shortcuts to your users’ desktops or data files required for a local desktop application, or even delete temporary files that applications create in a specific location.

    · Folders – Both on a per-computer and per-user extension that lets you create, update and delete folder structures on target systems or users. For example, you might use this setting to delete temporary folders that get created on computers.

    · INI Files – Both on a per-computer and per-user extension that lets you create, delete or update values within text-based ini files.

    · Registry – Both a per-computer and per-user extension; this extension is powerful in that you can create, delete and update registry keys and values on target systems. Because this extension provides the ability to easily push registry values to computers and users through a GUI, and because it supports all the different value types in the registry, it effectively eliminates the need for creating custom ADM files to push out registry modifications through Administrative Template policy.

    · Network Shares – A per-computer extension only—this extension lets you create shares on target computers—be they desktops or servers. You can create, delete and update shares, in fact, on any target system. In addition, the extension lets you set a user limit on the share.

    · Shortcuts – This is both a per-computer and per-user extension that lets you create and distribute shortcuts to computers and users. You can manage shortcuts to file systems, web URLs and Windows shell objects (e.g. My Computer). This extension does not copy .lnk files around, but rather creates shortcuts on the fly, that meet your specifications. You can specify all of the normal parameters of a shortcut, including the “Start in” field, the icon that appears with the shortcut and any arguments for the target that the shortcut executes.

    · Drive Maps – This is a per-user extension that lets you control drive mappings for end users. You can create, delete and update drive mappings to UNC paths and can control which drive letter is mapped (or use next available). You can also choose to hide or show the particular drive letter to the user. This option could be utilized to help remove the need for logon scripts.

    · Data Sources – This is a per-computer and per-user extension that lets you manage system or user ODBC data sources used by applications that leverage databases. This extension lets you choose the ODBC driver type, and provide credentials for the connection to the database, which are stored encrypted within the GPO.

    · Devices – This is a per-computer and per-user extension that lets you allow or deny use of devices based on the device class. For example, you could use this extension to deny the use of all thumb drives or all CD burners. Better configuration options are available in the Group Policy Object itself when working against Windows Vista clients.

    · Folder Options – This is a per-computer and per-user extension that lets you set file extension associations. For example, you can use this extension to associate all .log files with a particular text reader.

    · Local User and Groups – This is both a per-computer and per-user extension that provides a variety of control around local user and group accounts. You can create, update, replace or delete users and group accounts from local computers. You can also update the password for accounts local to the computer.

    · Network Options – This per-computer and per-user extension lets you manage VPN and Dial-up Networking (DUN) connections on your systems. For example, you can centrally create a VPN client configuration for all of your corporate users that require VPN-based remote access, and if something changes in your VPN configuration, you can easily update those connections using this feature.

    · Power Options – This per-computer and per-user extension lets you configure power management settings on XP/2003 systems. New to Windows Server 2008 R2 are the additional Power Plans for Windows Vista and later clients. By using this feature, you can create a default configuration that users can later change as necessary.

    · Printers – This per-computer and per-user extension lets you manage printer mappings. You can use it to install Shared, TCP/IP or Local printers. Shared printers are per-user only. You can use this extension along with item-level targeting to map printers based on criteria such as user groups or IP address ranges. The Windows Vista GPO provides native support for deploying printers; however, it only supports shared printers and requires AD schema extensions. In contrast, the Printer extension supports shared, local and TCP/IP printers.

    · Services – This is a per-computer extension that lets you control service configuration. While this extension is somewhat redundant to the existing Group Policy security setting that lets you configure service start-up type and security, the GPP version of this feature gives you more control. While you can’t configure service security using this extension, you can configure elements of a service such as the account that it uses to log on to the system (along with password changes to those service accounts) as well as the recovery behavior of the service (e.g. restart after failure or run an external program when the service fails). In addition, this extension supports the ability to perform actions on the service (like stopping and starting it) when the policy is processed.

    · Internet Settings – This per-user extension provides additional control over IE 5, 6, 7 and 8 configurations. Although GP already provides both IE Maintenance policy and Administrative Templates settings for controlling IE security and behavior, this GPP extension provides some additional control that these two earlier policy areas do not, such as the ability to configure all of the options on IE’s Tools, Internet Options, Advanced tab as well as more common aspects such as the Connections tab, home page and the size of Temporary Internet Files and browser history.

    · Regional Options – This per-user extension provides the ability to control the options available in the Control Panel Regional Settings applet, such as the default user locale, how numbers, currency, date and time are displayed, and the user’s default country location.

    · Start Menu – This per-user extension lets you control the configuration of the Start Menu and its various options. From here you can enable or disable items that should appear on the Start Menu, set the size of Start Menu icons and how many programs appear, as well as customizing “Classic Start Menu” behavior. Note that this extension supports Windows XP, Windows Vista and Windows 7.

    · Scheduled Tasks – This per-computer and per-user extension lets you create scheduled tasks to execute applications at particular times. It also supports something called an immediate task, which means that you can set a task to execute as soon as Group Policy processes this setting. New to Windows Server 2008 R2 are additional options to define scheduled tasks and immediate tasks for Windows Vista and later.
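    Several of the extensions above (Data Sources, Local Users and Groups, Services, Scheduled Tasks, Drive Maps) can store an account password in the preference item; it is written to the preference XML in SYSVOL as a cpassword attribute. Microsoft's security update MS14-025 (May 2014) later removed the ability to save new passwords there, because the key used to encrypt them is published in the protocol documentation, so an audit that lists which GPOs still carry one is worth running. This is an added example, not code from the original post; it assumes the domain contoso.com and an account that can read SYSVOL, and it only reports the items, it does not touch them.

```powershell
# Added example (not from the original post). Assumption: domain contoso.com;
# the caller can read SYSVOL. Reports preference items with a stored password.
$Domain = 'contoso.com'   # assumption
$PoliciesPath = "\\$Domain\SYSVOL\$Domain\Policies"

function Get-GppCredentialItems([string]$PoliciesPath) {
    # Preference XML lives under <GPO GUID>\{Machine,User}\Preferences\<Ext>\<Ext>.xml
    Get-ChildItem -Path $PoliciesPath -Recurse -Filter *.xml -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -match '\\Preferences\\' } |
        ForEach-Object {
            $file = $_
            [xml]$doc = Get-Content -Path $file.FullName
            # Any element carrying a cpassword attribute, whatever the extension type
            $doc.SelectNodes('//*[@cpassword]') | ForEach-Object {
                $props = $_
                # The account attribute differs per extension: userName (Users, Drives),
                # username (Data Sources), runAs (Scheduled Tasks), accountName (Services)
                $account = ''
                foreach ($n in 'userName', 'username', 'runAs', 'accountName') {
                    if ($props.HasAttribute($n)) { $account = $props.GetAttribute($n); break }
                }
                $gpoGuid = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $matches[0] } else { 'unknown' }
                New-Object PSObject -Property @{
                    GpoGuid   = $gpoGuid
                    Scope     = if ($file.FullName -match '\\Machine\\') { 'Computer' } else { 'User' }
                    Extension = $file.Directory.Name
                    Item      = $props.ParentNode.GetAttribute('name')
                    Account   = $account
                    HasSecret = ($props.GetAttribute('cpassword') -ne '')
                    File      = $file.FullName
                }
            }
        }
}

$findings = @(Get-GppCredentialItems -PoliciesPath $PoliciesPath | Where-Object { $_.HasSecret })
if ($findings.Count -gt 0) {
    $findings | Format-Table GpoGuid, Scope, Extension, Item, Account -AutoSize
    Write-Warning ("{0} preference item(s) still store a password; remove the stored credential from each item." -f $findings.Count)
} else {
    'No Group Policy Preference items with a stored password found.'
}
```

    Items whose cpassword attribute is empty are listed by the function but filtered out of the report, since an empty attribute means no password was saved for that item.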