Let us say that you are setting up SharePoint 2007 in your organization. Typically your users will access a SharePoint installation through a site collection. Which means, you need to give your users access to a particular site.
But where do these users come from? SharePoint 2007 allows you to plug in any kind of authentication using a membership provider, but for many scenarios you will simply install SharePoint 2007 and use it under the default active directory based authentication – a.k.a. 2003 styliee.
When you do setup SharePoint 2007, and a site collection in there, and you enter a UserID such as DOMAIN\smalik, you would note that all the nice goo such as my email addy, phone number etc. – typically stuff you would see in outlook gal or active directory, or any other such system doesn’t get pulled in automatically.
To pull in that stuff, you need to import the user profile information, and here is how you do it.
1. Create a Shared Services site (for which you need to setup indexing and search beforehand). Typically in a real deployment scenario, you would want to keep shared services being served by a dedicated machine other than your web heads (a tip I learnt from Scott Hillier – whose excellent Apress book on SharePoint 2007 I am reviewing right now).
2. Once that is created go to that shared services site, and under “User Profiles and My Sites”, click on “User Profiles and Properties”.
3. When in there, you need to setup an import connection. You can create as many connections as you want – which means if you have multiple kinds of authentication going on, on the same physical box – you should have some means of uniquely differentiating each user – if indeed your organization uses two different repositories of users. In most scenarios you would use active directory, but SharePoint will let you import from AD, LDAP, ADR or any BDC (supplementary information only).
4. So go ahead and setup an import connection. Then back at “Configure Profile Import” set up an import schedule with proper user access rights. It is a good idea to setup an incremental import – which performs a full import to begin with. You can schedule such an import, or you can perform such an import on demand. I like to keep full import unscheduled – and I use that for “wipe out and lets start over” scenarios only.
5. Real world – I imported 48,707 profiles in around 29 minutes – not bad eh?
6. Finally, before you actually start the import, you probably want to map the properties appropriately. So “Email Address” shows up in “Work Email” and so on so forth.
Once everything is setup – hit import, and then the incremental job will run at your specified schedule, and your sites in that site collection will begin to recognize users not as “Domain\smalik” but as “Malik, Sahil” with full meta data. Then you can use that information to power hierarchical org charts, searching over the user metabase via SharePoint, membership information to various groups/mailing lists setup on exchange server etc.