Setting Up User Profiles Service Application

For my unit I have set up a SharePoint 2010 machine for evaluating purposes. I defined a portal project to give our management the ability to publish news and give all employees a My Site for personal content. Simple and clear. My colleague started working on the publishing requirement and I started with the My Sites.

The SharePoint 2010 server is part of a domain which I am an administrator of. So everything is in reach for me to configure SharePoint Server and its service applications. Well, it’s working now, but I had to start over several times. Pfff… After some Bing searches I found out I was not the only one ( User Profile Synchronization Service stuck on starting). Finally, this article at Microsoft TechNet helped me out.


Security Tasks

In Active Directory I created an account SPFarmAdminAcct and gave it permissions for Replicate Directory Changes and Create All Child Objects. Also, since it’s a Windows Server 2003 Active Directory I made the account member of the Pre-Windows 2000 Compatible Access group.

On the local SharePoint 2010 server I added this Farm Administrator account to the local Administrators group.

From Central Administration, Manage Farm Administrators Group, I added the SPFarmAdminAcct account to the Farm Administrators group.


Creating the Service Application

From Central Administration, Manage Service Applications, click New, User Profile Service Application.


You can create a new application pool for this service application or use an existing one, but it has to run with the SPFarmAdminAcct credentials.

The User Profile service application will create several databases for Profiles, Synchronization and Social Tagging and you will need a My Site Host site collection. If you don’t have one already, you can create one from here using the provided link. In this site collection all personal sites will be created.

After creating the service application, you’ll need to start the services. From Central Administration, Manage Services on server.


Now, if you start the Windows Services console you’ll notice two Forefront Identity Management services. After a few minutes they will be started under the credentials of the SPFarmAdminAcct account. Be patient…


When the services are running, you have to do a IISRESET.

Now we can create connections for profile synchronization. From Central Administration, Manage Service Applications, click the created User Profile Service Application. (Not the proxy!)


Select Configure Synchronization Connections and Create a New Connection. Enter you’re forest and domain information and click on the Containers button.

5_DomainConnection1 5_DomainConnection2 

Select those items you want to synchronize,  for example Users. Click OK.

Now, select Start Profile Synchronization and select Start Full Synchronization. A timer job will now be scheduled to start shortly. Wait a few moments and you’ll see profiles being imported.

Then I logged in with my personal account and opened My Site. 🙂