SharePoint 2013 User Profile Property Mapping And Synchronizing Groups

For a user profile property that comes from an external system, you need to map the property for a specific attribute of the external system. The default will offer some user profile properties mapping. You will only be able to map a profile property to an attribute with data that is compatible with the data type of property. You aren’t going to be able to map SPS-HireDate user profile property to the homePhone Active Directory. This is because SPS-HireDate is a date and HomePhone is a Unicode string.

For synchronizing profile information and importing profile properties from external systems you will be able to write data back to a directory service. You won’t be able to write data back to a business system. By mapping the property and setting the direction of it to export, you can indicate to SharePoint Server that you wish to export a user profile property.

Each of the properties will be mapped in only one direction. You can’t do both an export and import for the same user profile property. The data to be exported will overwrite any values that are already in place in the directory service. This is also the case for multi-value properties. The export value will always override them, not add to them.

With SharePoint Server, the groups are synchronized with user profiles by default. You will have the option to turn that function off from the Configure Synchronization Settings page. This is located in Central Administration. It is important to note that synchronizing groups is only supported in AD DS.

When you synchronize groups as well as users, the information will have to be imported for the groups that the members are part of in SharePoint Server. When a group is synchronized, it doesn’t create a profile for the group. It won’t allow any additional user profiles to be created. The groups will only be used to create an audience and to display membership for a visitor when it is in common with the person that the My Site belongs too in SharePoint Server.

If you are going to synchronized groups, you have to import information for all of the existing groups in the directory service containers with SharePoint Server. The exception is if you decide use a filter to exclude certain groups. The filter for excluding them is different from the filter for excluding users though, even though they do have a similar format.


SharePoint 2013 Profile Exclusion Filters

All of the profiles from the containers you identify will be synchronized by SharePoint. The exception will be if you decide to exclude profiles through the use of a filter. You can create a filter to exclude those user accounts that have been disabled. Filters consist of a set of clauses that a connector joins. There are three parts to each clause are Attribute,Value, and Operator.

You have two options when it comes to the method for joining the clauses to the exclusion filter All apply is when an account matches the filter only if all the clauses apply and any apply is when an account matches the filter if any of the clauses apply.

If you have temporary employees in the organization with AD accounts starting with T, you can synchronize the profiles for all permanent users with accounts that haven’t been disabled. With AD DS, you will find bit mask in the user Account Control. This represents various aspects of the status for a user account. You can’t create a filter that has membership as the basis it in the directory service group. This includes the distribution list.

In order to import properties from a business system, you will need an external content type. It will bring the property value from an external system into the SharePoint Server 2013. The information here doesn’t cover creating an external content type. That is a task normally reserved for a developer to complete. It does cover the data you will need to collect and provide that developer with.

With user profiles that a 1 to 1 relationship with the items of the external content, you need to create a specific finder method. Any external content type will contain the date of birth of the user for a 1 to 1 relationship. The user profile will also match one item of the extra content type.

When a user profile is a 1 to 1 relationship with items that include external content type, they create a finder method and a comparison filter. For example, there is unique information found on the license plate of any vehicle, and that is an example of such 1 to 1 relationships. Even though a person may own several vehicles, that is a unique way to identify them from each other.

The information that is received back from the external content type developer is important. It allows the users for a group to have profiles for properties that share the same external content type.


SharePoint 2013 Profiles From Directory Services

It is possible to create new profiles and import the profile properties through synchronizing with a directory service. When you do so, there are several things that will occur with SharePoint Server 2013.

  1. A user profile will be created for each new user in the director service containers that are to be synchronized. It also fills in the properties of each new profile with the data it gets from directory service.
  2. Deletes the profile of users who have been removed from the directory service.
  3. When properties are going to be imported, the property in SharePoint user profile will implement the updates that correspond to the value of the changes within that directory service.

If you will be synchronizing with several directory services, each of them must provide unique users. It isn’t possible to synchronize a single user profile with more than one directory service. The Active Directory resource and logons allow the only scenarios where you can synchronize the same users from two directory services. The connection from the logon though has to prove those users. The connection to the resource will allow those properties for existing profiles to be connected to a business system.

It is possible to use the properties from existing user profiles for a business system. You aren’t going to have the ability to create new user profiles that way though. You won’t be able to write data back to a business system either. In order to import data from a business system, you have to create an external content type. This will bring the data from the business system to SharePoint Server 2013. From there, you will have the ability to synchronize user profiles that have an external content type.

For this to happen there has to be information that is shared with a user profile and an external content type. This information is shared through SharePoint Server 2013 in order to match the external content type to the correct user profile as it synchronizes. By defining the external content type, you also specify the field so that it is a match against the identifier for the external content type. You have to specify the user profile property so that it can be matched against it when you synchronize the connection to a business system.

After a user profile is created, you can allow users to modify the values of certain properties in that profile. You can configure the properties so that they data is going to be changed in SharePoint Server 2013 and then written back to the directory service. Each property has to be imported or exported, but you can’t do both with the same property.

You only have the ability to export data regarding a user to the directory service that the userĀ  was exported from. You won’t be able to create a new user account in the directory service through exploring the information from a user profile.

It is possible to create customized solutions that will use the SharePoint object model for creating the user profiles. When your solution doesn’t rely on profile synchronization then you have the option for removing those features from the SharePoint interface. To do this, select Enable External Identity Manager. This is found in the Configure Synchronization Settings page of Central Administration.

When you synchronize groups as well as users, information about the groups that exist in the directory service will be imported by SharePoint Server 2013. Every time that you synchronize, there will be updates to the groups and their membership information. There aren’t any profiles for groups so you can’t manipulate them with the use of SharePoint Server. Instead, you have to manage groups and their memberships in the directory service directly. The groups are only used one time to create audiences and to display the memberships for a visitor in SharePoint Server.