One of the major improvements I had heard about prior to the SPC2012 was some of the advancements with the User Profile. So I was really anticipating this session.
Shei Adenouga started off with some information about issues with User Profile synchronization in the past and how these have been dealt with in SharePoint 2013. Examples of this improved performance include:
- Synchronization steps: a typical sync within SharePoint 2010 there are three different provisioning steps. This has been reduced for 2013.
- Importing of a BCS connection is now done in batches.
- Adding indexes to certain user properties to eliminate the need for full table scans.
- Cleaned up historical data: most organizations experienced this over time that the historical back data would make the synchronization slower. This was primarily because Forefront Identity Manager (FIM) would retain error and informational data. In SP2013 the data is automatically removed after 7 days.
Overall the performance of using FIM with SharePoint 2013 has dramatically increased to the tune of around 300,000 users can be synchronized within 7 hours. The interesting thing that I found out was that Microsoft did not just keep those improvements for the the newer version of SharePoint. These have become available for SharePoint 2010 in the June 2012 Cumulative Updates.
There has also been some interesting changes around the User Profile database. SharePoint 2013 includes many more social features which are attributed to the individual user. All of User Profile Social Data information is now being kept within the individual users My Sites. The improved social feeds are now coming from the My Site content databases.
One of the most significant changes is something that was not a new addition but bringing back a feature from SharePoint 2007. Within SharePoint 2010 we only had the capability of setting up a synchronization by using FIM. There were many times we did not necessarily need that much horse power and wanted to do a simple connection to AD. AD Import Mode was brought back to SharePoint 2013 which really helps smaller organizations with a more lightweight method for AD importing. The tool now has the capability for selecting a specific OU to import users into SharePoint. The Farm administrator also has the capability of adding an LDAP filter to help narrow the scope. This can be used with an AD Forest with multiple domains, however you would have to create a connection per domain.
It is possible to switch between AD Import Mode to FIM integrated, however understand that some of the limitations with AD Import Mode will cause issues. Some of the limitations include:
- Custom Property Mappings – simple data types, strings, and integers
- Can only work with AD, no LDAP directories or Novell
- Synchronization is only one way
The last thing the Sheyi talked about was a new SharePoint Connector for organizations that have deployed Forefront Identity Manager 2010 R2. FIM 2010 R2 allows an organization to consolidate their identity information and management on one server thus allowing Microsoft applications to tap into this information for an overall better experience of self-service identity management. This is a great tool for larger organizations who need to use this application for self-service password resets, creating and administering security policies.
I am pretty happy to hear about some of this advancements with the User Profile service. I am definitely looking forward to hearing from my clients as to what this means to them.