MCT USE ONLY. STUDENT USE PROHIBITED
Planning Social Computing 8-39
• Organizational profiles. Organizational profiles contain detailed information
about an organization, such as teams and divisions. You can use organizational
profiles to gain information about the organizational structure.
• Profile synchronization. User and organizational profile information that the
User Profile Service stores is synchronized with external directory services
such as Active Directory. A user profile can incorporate data from more than
one source. You can schedule synchronization depending on how often you
expect the relevant information to change.
• Audiences. Audiences enable you to target content to users based on their job
or task. You can define an audience by membership in a SharePoint group or
distribution list, by the organizational reporting structure, or by the public
properties in user profiles.
• My Site Host. My Site Host is a dedicated site for hosting My Site Web sites.
You must provision a My Site Host before you can deploy the social features of
SharePoint 2010.
• My Site Web site. Each user in your organization who has a synchronized user
profile can have a personal site. Users can manage the content of their My Site
Web sites and can include features such as links, tags, colleagues, and
documents.
• Social tags and notes. Users can add social tags to documents, to other
SharePoint items, and to other objects, such as external Web pages and blog
posts. Users can also create notes on any SharePoint page. Administrators can
delete all tags for employees when they leave the company or remove a tag that
they do not want.

User profiles provide profile information for social computing features, particularly
the following:
• The user properties that are displayed on My Site Web sites.
• The organizational hierarchy that is displayed in the organization browser.

• The tags, notes, and comments that users create.

These features enable a user to stay informed about the content that interests them
most.
You should plan how to manage the User Profile Service in your organization. You
can have farm administration perform all of the management tasks. Alternatively,
you can delegate the management of all or part of the features of the User Profile
Service to service application administrators.
MCT USE ONLY. STUDENT USE PROHIBITED
8-40 Designing a Microsoft® SharePoint® 2010 Infrastructure
Question: Why is it important to plan for the use of the User Profile Service
alongside planning for social computing?

MCT USE ONLY. STUDENT USE PROHIBITED
Planning Social Computing 8-41
Planning User Profile Properties

Key Points
When you plan user profiles, you should determine the information about users
that you require to support the social computing features that you plan to
implement. The User Profile Service stores this information in user profile
properties.
When you plan user profiles, you should consider several factors:
• What are the existing directory services? The information that is held in these
services forms the basis for user profiles. You should determine the properties
that you will use for your core user profiles based on those that are relevant
across the organization.
• Do any of the LOB applications that you use have information about users? Some
LOB applications store properties that map to the properties of directory
services. You can use these properties on personalized Web sites.

• How often do you want to synchronize records between the SharePoint profile store
and the source directory service? The frequency of scheduled synchronization
will depend on how often the content of the user properties changes. You
MCT USE ONLY. STUDENT USE PROHIBITED
8-42 Designing a Microsoft® SharePoint® 2010 Infrastructure
should plan to schedule synchronizations to have the least effect on
performance and availability.

Default Profile Properties
SharePoint 2010 provides a set of default user profile properties. You should
review these properties and the policies that apply to them before you decide
which changes to make. Plan to use the default user properties wherever possible
to minimize administrative effort. You may find that you have to create additional
properties to support your user profile plan.
Some user profile properties, such as first name and last name, are automatically
mapped to corresponding properties in the external directory service or business
system. For example, the following table lists the default mappings for users.
Active Directory Domain Services attribute User profile store property
<dn> SPS-DistinguishedName
objectSid SID
manager Manager
displayName PreferredName
givenName FirstName
Sn LastName
PhoneticDisplayName PhoneticDisplayName
PhoneticFirstName PhoneticFirstName
PhoneticLastName PhoneticLastName
telephoneNumber WorkPhone
mail WorkEmail
physicalDeliveryOfficeName Office

title Title
department Department
sAMAccountName UserName
MCT USE ONLY. STUDENT USE PROHIBITED
Planning Social Computing 8-43
Active Directory Domain Services attribute User profile store property
wWWHomePage PublicSiteRedirect
SIP Address proxyAddresses

Additional Profile Properties
You can create additional properties to track key information from directory
services and business applications, if that information is not available through the
default properties for these sources.
Depending on the business requirements, you can plan to add properties at the
level of the User Profile Service or site collection. You can often meet key business
requirements by creating new properties that associate users with particular
business processes. For example, you can create a Cost Center property to hold
cost information for use in departmental budgets.
Search can use these additional properties to find users, or personalization features
can use the properties to target content to users. Profile properties do not have to
be displayed on My Site Web sites or other accessible sites. Search or
personalization features can use profile properties that are not displayed in public
profiles or My Site Web sites.
To limit the number of additional properties, you should focus on only adding
properties that enable key business requirements for each site collection. You
should identify a specific business requirement that an existing profile property
cannot meet before you create a new one.
Question: When should you create additional user profile properties?
MCT USE ONLY. STUDENT USE PROHIBITED
8-44 Designing a Microsoft® SharePoint® 2010 Infrastructure

Planning User Profile Policies

Key Points
Privacy is one of the concerns that you must plan for if your organization hopes to
adopt social computing successfully. Users may be uneasy about who can see their
data and may therefore resist putting information in their profiles. You must
reassure users that their privacy will be respected and encourage them to supply
relevant information for their profiles.
Some information about individual users should remain private. Other information
can and should be shared freely with other users to encourage collaboration.
Policies are sets of rules that you can assign to users or groups to control how
much information users can see and how they can interact with it.
Planning User Profile Policies
SharePoint 2010 provides default policies to help you make the appropriate
information available to meet the requirements of the organization. You can also
create and deploy custom policies if the default policies do not meet your specific
requirements. You should review collaboration requirements across your
organization before you develop a plan for implementing the best combination of
policies.
MCT USE ONLY. STUDENT USE PROHIBITED
Planning Social Computing 8-45
To prepare for planning, you should assess the current visibility of the information
about users in the organization. You should also consider who uses sites and
which sites they use. For example, a central portal site in a large organization that
has a large number of viewers, but very few contributors has less need to share
information than a departmental site where many people can contribute content.
You may include privacy issues in your security plan; privacy policies and security
considerations relate closely, so it is beneficial to consider them together.
You should also consider how the frequency of updates affects performance and
capacity for the User Profile Service. Less restrictive policies allow more users to

view public profiles more often, which affects how frequently you must update
user profiles and compile audiences. In organizations that have many users, this
frequent updating may affect performance and capacity planning.
Default and Custom Policies
Every personalization feature and property that user profiles and My Site Web sites
expose has a recommended default policy. You can apply the default policy or
create a custom policy to meet the requirements of your organization. Policies
consist of two parts: the policy setting and the default visibility setting.
Policy Settings
You can configure policies to control the creation and population of a profile
property. The policy settings are:
• Enabled. The property is visible depending on the visibility setting.
• Required. The property must be populated and is shared based on default
access.
• Optional. The property is created, but may not be populated.
• Disabled. The property is visible only to the User Profile Service administrator.
• User Override. The user can change the default visibility setting.

Visibility Settings
You can use the visibility settings to determine who can see information for a
specific personalization feature. The visibility settings are:
• Everyone. Every user with viewer permissions can see information.
• My Colleagues. Every user in the user’s My Colleagues list can see information.
• My Team. Every user in the user’s team can see information.
MCT USE ONLY. STUDENT USE PROHIBITED
8-46 Designing a Microsoft® SharePoint® 2010 Infrastructure
• My Manager. The user and the user’s immediate line manager can see
information.
• Only Me. Only the user and the administrator of the User Profile Service can
see information.


Additional Reading
For more information about how to plan for user profiles in SharePoint 2010, see



MCT USE ONLY. STUDENT USE PROHIBITED
Planning Social Computing 8-47
Synchronizing User Profile Information

Key Points
Profile synchronization enables you to synchronize user and group profile
information that is stored in the SharePoint profile store with profile information
that is stored in directory services and business systems. Profile synchronization
occurs when profile information changes in either location. You can configure
profile synchronization so that changes that are detected in either store are
replicated to the other store. When you plan user profile synchronization, ensure
that you plan for the instance of the User Profile Service to be on the same server
as the User Profile Synchronization Service.
When you design a user profile synchronization plan, you should consider the
following guidelines:
• Identify directory services and business systems for synchronization.
• Plan permissions.
• Determine which containers to synchronize.
• Define profile synchronization connection filters.
MCT USE ONLY. STUDENT USE PROHIBITED
8-48 Designing a Microsoft® SharePoint® 2010 Infrastructure
• Map profile properties.
• Define a synchronization schedule.


Identifying Directory Services and Business Systems
When you plan for profile synchronization in SharePoint 2010, you first have to
determine the directory services and business systems with which you want to
synchronize profile information. You can configure SharePoint 2010 to
synchronize with directory services that are based on the Lightweight Directory
Access Protocol (LDAP), such as Active Directory Domain Services, Sun ONE,
Novell eDirectory, and IBM Tivoli. All of these directory services support full and
incremental synchronization of users, but only Active Directory supports the
synchronization of groups.
You can also configure SharePoint 2010 to synchronize with business systems
such as Siebel. The User Profile Synchronization Service imports profile
information that is stored in business systems by using the Business Data
Connectivity Service.
Planning Permissions
After you have identified the directory services and business systems with which
you want to synchronize profiles, you must ensure that you have the required
permissions on both SharePoint 2010 and the directory service or business system
to which you will connect.
Determining Which Containers to Synchronize
You must determine which directory service containers have the user profiles and
group profiles that you want to synchronize. This information is required for the
initial configuration of the profile synchronization connection.
Defining Profile Synchronization Connection Filters
You should identify any profile information that you want to exclude from
synchronization before the initial synchronization takes place. You can configure
connection filters to exclude properties or entire accounts.
Mapping Profile Properties
When you have identified the containers that you want to import and synchronize
with SharePoint 2010, you must map the profile properties in the directory service
or business system to the profile properties in SharePoint 2010. You should also

consider any properties that map across multiple directory services or business
systems, because you must create these mappings manually.