SharePoint 2007: All you ever wanted to know about User Profiles

blah!bLaH!BLOG!!

SharePoint 2007: All you ever wanted to know about User Profiles

Posted on 7/8/2007 @ 12:11 AM in #Sharepoint | 30 comments | 18514 views

There seems to be a lot of misinformation about this particular topic, so I am just going to type out what I know, and everyone please add/correct as you consider necessary. Also if there are other Q's that can be answered about User Profiles, please leave the questions as comments, and I'll add the answers when I can.

What are User profiles?

In SharePoint 2007, a userid is uniquely identified by his/her username. The username is tied to the membership provider that the site is configured to authenticate against. A user however has a lot more information about him/her other than just their userid. For instance, they may have a phone number, email etc. All this information goes in the user profile.

Why are user profiles useful?

User profiles are helpful because they let you see a user as "Sahil Malik", not "smalik", they let you use use features such as email alerts (email addy is picked from the profile), they let you create neat org charts, they let you search based on profile properties, and let you do audience targeting.

When/Where is User Profile information retrieved from? And where it stored?

When WSS or MOSS are first installed, every sharepoint site will try and connect to the AD and pull in some information about a user, the first time the user is accessed by the site. This information sits in the UserInfo table in the content db of the site. All other profile information sites in the SSP's database.

Read that again carefully :-), "This information sits in the UserInfo table of the content db of the site". In other words, Say if Miss Jenna Jameson gets married and changes her name to Jenna Ryan, her profile information stays "Jameson", until of course some external force forces this information to stay up to date.

For a schematic on how user profile info flows through your MOSS install, click here.

How can profile information be kept up to date?

Simple answer: Using the Shared Service Provider associated with the site. You have to configure the SSP's user profile import however. For instance, you could set the SSP to import from the AD, ADAM, or LDAP, or BDC (supplemental information only) using an incremental schedule, and that information is then subsequently synched down to the individual website. This synch occurs, thanks to a pre-configured job called ProfileSynch.

How can profile information be kept up to date, if in case I am not using MOSS (and have no SSP)?

Use this utility -

http://blah.winsmarts.com/2007-1-SharePoint_2007_Utility_-2_-_PI_-_Utility_to_Import-Export_actual_user_profiles.aspx

How can I synch profile information from a LOB application, if I don't have BDC?

Use this utility -

http://blah.winsmarts.com/2007-1-SharePoint_2007_Utility_-2_-_PI_-_Utility_to_Import-Export_actual_user_profiles.aspx

How can an end user maintain his/her own profile?

Using MySite, or "My Settings". For instance, the user could specify their email address using that link. Now of course this depends on:

a) Do the users have the appropriate permission to perform this action? Users can be granted the specific permission to keep their profile information up to date, (How to? See http://blah.winsmarts.com/2007-4-SharePoint_2007__Fine_grained_permission_control.aspx)

b) If you have "My Sites" enabled, then this information is updateable from within My Sites, not "My Settings".

BTW, It is not inconceivable that you may want to write a custom aspx that uses elevation to allow end users to maintain their own user profile. This is so because frequently My Sites are disabled, or permissions are locked down. Does this suck? A tad bit! But this aspx isn't terribly hard to write.

How can an administrator maintain the user profiles of users?

3 Answers:

a) Using SSP, and the information synchs down.

b) Using People and groups, userdisp.aspx i.e. click on the user's name and edit him/her. Alternatively, create a custom view/link that goes to http://yourmosssite/_layouts/userdisp.aspx?id={UserID}&Force=True on people and groups, and it'll allow the admin to edit user profiles. Note: This won't work if My Sites is enabled. For my sites, use option #a.

c) Use this utility - http://blah.winsmarts.com/2007-1-SharePoint_2007_Utility_-2_-_PI_-_Utility_to_Import-Export_actual_user_profiles.aspx

How can an administrator delegate "profile maintenance"?

Easy.

1. Individual users can edit their own profiles as long as they have the "Edit Personal User Information" permission allowed. See http://blah.winsmarts.com/2007-4-SharePoint_2007__Fine_grained_permission_control.aspx

2. A group can be setup with "Manage user Profiles" permissions in the associated SSP.

... anything else? :-)

On 7/10/2007 10:55:59 PM David Tappan said ..

One question I have is, when you are synching some user profile properties from AD, and some from a BDC connection, how does SharePoint match the users from AD to the users in the BDC data source? Does it match on a particular attribute, like userID? Is this configurable, so it can match based on another property?

On 7/15/2007 1:58:04 PM Sahil Malik said ..

David, As I answered in the BDC/user profiles link that you can see above, you specify a key column for the matchup. Yes it is configurable. Sahil

On 8/15/2007 12:58:37 PM Maarten said ..

Off topic question, but how do you go about making an audience based view of a search scope. For content in SharePoint it's of course pre-filtered by security context but for content on file shares and DFS the same filtering doesn't apply and trying to get my audiences to be bound to there department share.

On 8/21/2007 12:02:06 PM Tim said ..

Very useful info. Question: Can you tell me where a users "My Links"/Personal bookmarks are stored?

On 8/21/2007 1:12:06 PM Krishnan said ..

"...and that information is then subsequently synched down to the individual website. This synch occurs, thanks to a pre-configured job called ProfileSynch." The ProfileSynch job doesn't seem to synchronize user profile information to WSS sites in my case.
Our MOSS environment was a gradual upgrade from SPS 2003. It consists,
one MOSS site http://mymoss/ and
several WSS sites: http://mymoss/sites/wss1 ... http://mymoss/sites/wss12.
It has an SSP, and AD profile synchronization works perfectly. But, the profile information doesn't pass on to the above WSS sites. Any idea on what could be done to sync the WSS profile info with MOSS profile info?!

On 8/22/2007 9:13:02 AM Andy said ..

We want our secretary to maintain profiles for staff. Re 'How can an administrator maintain the user profiles of users?' a) Using SSP, and the information synchs down. - we don't want to give her access to SSP. b) Using People and groups, userdisp.aspx i.e. click on the user's name and edit him/her. Alternatively, create a custom view/link that goes to http://yourmosssite/_layouts/userdisp.aspx?id={UserID}&Force=True on people and groups, and it'll allow the admin to edit user profiles. Note: This won't work if My Sites is enabled. For my sites, use option #a. - We have MySites enabled. c) Use this utility - http://blah.winsmarts.com/2007-1-SharePoint_2007_Utility_-2_-_PI_-_Utility_to_Import-Export_actual_user_profiles.aspx - would much rather she can edit them ad-hoc when needed. How can an administrator delegate "profile maintenance"? Easy. 1. Individual users can edit their own profiles as long as they have the "Edit Personal User Information" permission allowed. See http://blah.winsmarts.com/2007-4-SharePoint_2007__Fine_grained_permission_control.aspx This works fine for the user to edit their own profile. 2. A group can be setup with "Manage user Profiles" permissions in the associated SSP. How does this group then actually edit the profiles? Thanks for any help! Sorry for my ignorance - pulling my hair out trying to work this out...

On 8/22/2007 12:59:44 PM Sahil Malik said ..

Andy - you're very close to the answer. Once you create a group with "Manage user profiles", all you need to do is, change the querystring (userid) to the user profile edit page. This can be made absolutely seamless by creating a view.

On 8/22/2007 7:10:58 PM Eric Portney said ..

Hi Sahil, In my SSP I have created some custom fields (for data like Work Phone Extension). This data is stored in the SSP, however I don't understand how to export these new fields to the UserInfo table in my MOSS site. If I add a column to the UserInfo table, will the data sync the new custom columns along with the rest of the columns already being synced? Thanks in advance for any insight,
Eric

On 8/22/2007 9:45:00 PM Andy said ..

Thanks Sahil, When I attempt to access say http://mysite.blah.com/_layouts/EditProfile.aspx/UserID=userid it just loads the edit profile page for my own account. I have tried domain\userid, userid, fullname as the userid variable but no joy. Am I missing something?

On 8/30/2007 4:02:02 PM Terry said ..

Sahil, All of a sudden none of my "my site" users can access their document libraries, they get an "access denied" message. Could you point me in the right direction to start troubleshooting this issue? I originally setup SP with a domain admin account and the password was changed on that account so I had to setup another one. Could this have caused this situation? Thanks,

On 9/7/2007 2:38:56 PM Doug said ..

Hi, I'm not getting sync with People and Groups. I have full and incremental sync from AD to MOSS working. If I look at the profiles via SSP they are there and take all the changes I might make in AD. If I look at these profiles via a user's My Site (this is a testing environment) the changes made in AD are there. However, if I look at a profile in a group (for example the default Visitors group in the root site) the changes made in AD and NOT there and I can't edit the profile from there. So I have sync working "everywhere" but People and Groups. Thanks,
Doug

On 12/5/2007 4:15:49 AM ramya said ..

Hi, I have a problem in my sharepoint portal, when i give a user VISITORS PERMISSION he is getting access denied error but when i give MEMBER PERMISSION for the same user he was able to access the site. I have three customized webparts in that particular site.Tree view webpart with the subsites listed in tree view structure.Do i have this problem because of this web part.Im struck up with this problem for the past three days . I have noticed one more thing when i remove this tree view webpart then its working fine. Any solutions is greatly appreciated.

On 12/10/2007 5:54:02 PM Alisha said ..

When users leave our organization, a notification is sent to their manager about their my site being scheduled for deletion. I can't seem to find the settings for that notification. Also, I can't get to those sites that are "scheduled for deletion". Although they are still listed in the database. I can't figure out how to access them and get any useful information. Thanks for the help.

On 12/18/2007 2:09:01 PM Toby Hosterman said ..

I'm looking at a migration from our current production intranet on WSS v2 to a MOSS 2007 implementation. Previously, with WSS v2, I've had occasion to migrate my v2 site to another v2 site in a different domain. This was accomplished by using stsadm to backup the site and restore it to the new server in the new domain. The problem I had (which I believe mirrors my current situation) was that my userid's in the userinfo table were all pointing to the wrong domain. I created a quick query to manually change the domain references; and I manually updated any user name changes. Then, I found a sql script that very nicely changed the user SIDS in the userinfo table to match those of the users in the new domain. SO.... now I'm looking to migrate to a MOSS 2007 implementation. It's hard to copy my list data over when the "assigned to" and other user reference fields don't have all the users populated because nobody's logged into the new site yet... Are you familiar with a process (newer and hopefully more supported than my previous effort) to proactively populate a site collection's userinfo table with all the existing users from a WSS v2 installation? Of key importance is keeping the userid refernces consistent so the imported list data still matches the proper users properly. Sorry for being so wordy... Any help is appreciated.

On 1/28/2008 6:47:00 PM ehelo said ..

1) Go to Sharepoint Server (physical server), Click Start -> Microsoft Office
Server ->
Sharepoint 3.0 Central Administration.
2) Login as administrator, on the left pane click Shared Services
Administration.
3) Click the default Shared Services by default it's SharedServices1. Login as
administrator.
4) Click user profiles and properties.
5) Click view user profiles.
6) User list is displayed. To edit the email address click the dropdown menu and
select edit.

On 1/30/2008 1:44:36 PM Craig said ..

Yes, the SSP can sync information down to the site level, until it hits unique permissions, then it stops.

On 2/4/2008 2:57:57 PM Ned said ..

Is there anyway to get this userprofile information into a web part (or some other way) so it can be used as an employee directory?

On 2/6/2008 9:32:20 AM Ingram Leedy said ..

Can ProfileSynch remove user profiles from MOSS if the user has been deleted from the AD? How can we get the user profiles in MOSS to get cleaned up automatically?

On 3/13/2008 4:54:34 AM Aditya Rao said ..

Hi....I have added a user in Viewer group....and when I log by his name I am getting an error of Access Denied...on the homepage....also when I add a user in Owners group...he is not getting access....can anyone suggest me what to do???

On 3/19/2008 5:26:05 AM sacchit said ..

Hi,
Can you let me know how to get the mysite fields in the user information list of a site collection.Please let me know !!

On 4/22/2008 2:18:43 PM Rich said ..

What about implementing a user registration process? We plan on implementing an extranet site. Using a custom provider, users who first access the site will be checked against a participant table. If enough qualifying information is received then an account will be created in LDAP and profile data is taken from the participant list and added into LDAP. It is at that point we would need to push the data added in LDAP to the user profiles in SharePoint and allow it to sync the data from then on. Does this scenario sound plausible?

On 4/27/2008 3:26:20 AM Waseem Hyder said ..

Can you let me know how to get the all users mysite contents in sharepoint 2007 from sharepoint 2003. (We upgrade our sharepoint 2003 to sharepoint 2007, but when any user try to see his/her MYSite on Sharepoint 2007 no previou documents or old content (related sharepoint 2003) are not appear). Please can anyone suggets me what to do?? (but others document are available only user MySites are missing data)

On 4/28/2008 4:43:23 PM Paul said ..

We want users to update some details (phone etc) via their My Site page, but how do we then sync this back to AD before the next profile import?

On 5/8/2008 3:04:50 AM Muneyi said ..

Hi I would like to create a custom aspx that uses elevation to allow end users to maintain their own user profile . My client does not want to activate my sites , becuase only one group wants to make these edits . How does one go about creating this.

On 7/1/2008 9:16:08 AM Steve D said ..

I have the exact same problem as a previous post stated below
Has there been a resolution to this? Does anyone know the answer? "On 9/7/2007 2:38:56 PM Doug said .. Hi, I'm not getting sync with People and Groups. I have full and incremental sync from AD to MOSS working. If I look at the profiles via SSP they are there and take all the changes I might make in AD. If I look at these profiles via a user's My Site (this is a testing environment) the changes made in AD are there. However, if I look at a profile in a group (for example the default Visitors group in the root site) the changes made in AD and NOT there and I can't edit the profile from there. So I have sync working "everywhere" but People and Groups. Thanks,
Doug"

On 7/10/2008 8:00:34 AM Michael Barends said ..

Hi Steve take a look @ my blog post here it will enable you to edit the data. The 2nd thing it will take some time to see your changes in the normal sites an replicable must be enable on the fields in you SSP blog post: http://softwaresolutionsleones.blogspot.com/2008/07/moss-and-editing-user-profiles.html Kind Regards Michael

On 7/23/2008 1:48:33 PM Cliff said ..

Does functionality already exist within SharePoint to Delete User Profiles when the Users are 'deleted' from, or disabled in Active Directory? I wrote a program to read all of the Users in AD's OU='Disabled User Accounts' (where all of our Users are moved when they are no longer 'active').
Then I execute Microsoft.Office.Server.UserProfiles.UserProfileManager.RemoveUserProfile(Guid guidDelete).
The program apparently deleted the profiles, but they were back again the next day, with different GUID's ??? Would deleting a Profile also remove the User from Permission Groups?
Would deleting a Profile 'remove' the associated 'My Site'?
Does stsadm -o deleteuser do the same as Microsoft.Office.Server.UserProfiles.UserProfileManager.RemoveUserProfile(Guid guidDelete)? Does a comprehensive solution exist for 'cleaning up' users that have left the company, and must be removed from the SP installation?

On 7/30/2008 4:17:02 AM Brigitte said ..

Hi, I have a question about Personal Views in Document Library. If a user creates Personal Views in several Libraries, where does this info store? Or in different words: if I remove a user, how or where do I remove all his Personal Views? Thanks for your answer.

On 8/5/2008 9:19:00 AM Owen said ..

I too would like to know if a comprehensive solution exists for 'cleaning up' users that have left the company, and must be removed from the SP installation. I found an article that discusses the issue in MOSS 2003 and provides code using the object model to delete profiles one by one. The article can be found here: http://sharepointinsight.com/blog/Lists/Posts/Post.aspx?ID=3. Does MOSS 2007 include a utility to remove profiles automatically when they are not included in the last import?

On 8/5/2008 9:59:48 AM Sachin K said ..

Hi, we have a user filter uery which should only extract enabled users and users with a particular email suffix(mail=*companyname.com). when we run Full import utility the user filter gets applied and only relevant users are imported in sharepoint folder. However the incremental profile import does not seem to use the user filter query and it extracts all the user. Could you please help us diagnose the issue? Thanks and regards,
Sachin

Please post your comments:

Your feedback will be submitted for moderation, and will appear after it is approved.

Name:

Email (optional): Your email address will not be posted.

URL (optional):

Comments: HTML will be ignored, URLs will be converted to hyperlinks

Enter the text you see in the box:

Microsoft MVP

Posts By Category

Hosted By

SharePoint 2007: All you ever wanted to know about User Profiles

Please post your comments: