Skip to content

SPUserProfileServiceApp

Yorick Kuijs edited this page Nov 13, 2020 · 20 revisions

SPUserProfileServiceApp

Parameters

Parameter Attribute DataType Description Allowed Values
Name Key String The name of the user profile service
ProxyName Write String The proxy name, if not specified will be /Name of service app/ Proxy
ApplicationPool Required String The name of the application pool to run the service app in
MySiteHostLocation Required String The URL of the my site host collection
MySiteManagedPath Write String The Managed Path of the my site sites
ProfileDBName Write String The name of the profile database
ProfileDBServer Write String The name of the server to host the profile database
SocialDBName Write String The name of the social database
SocialDBServer Write String The name of the database server to host the social database
SyncDBName Write String The name of the sync database
SyncDBServer Write String The name of the database server to host the sync database
EnableNetBIOS Write Boolean Whether Farm should resolve NetBIOS domain names
NoILMUsed Write Boolean Specifies if the service application should be configured to use AD Import
SiteNamingConflictResolution Write String Specifies which SiteNamingConflictResolution should be used Username_CollisionError, Username_CollisionDomain, Domain_Username
UpdateProxyGroup Write Boolean Specifies if an issue with Service App Proxy Groups should be automatically corrected (see wiki for more info). Default value is true.
Ensure Write String Present if the service app should exist, absent if it should not Present, Absent
InstallAccount Write PSCredential POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5
UseSQLAuthentication Write Boolean Should SQL Server authentication be used to connect to the database?
DatabaseCredentials Write PSCredential If using SQL authentication, the SQL credentials to use to connect to the instance

Description

Type: Distributed Requires CredSSP: Yes

This resource will provision an instance of the user profile service to the farm. It creates the required databases using the parameters that are passed in to it (although these are only used during the initial provisioning).

The specified InstallAccount or PSDSCRunAsCredential cannot be the Farm Account. The resource will throw an error when it is.

To allow successful provisioning, the farm account must be in the local administrators group, however it is not best practice to leave this account in the Administrators group. Therefore this resource will add the Farm Account credential to the local administrators group at the beginning of the set method and remove it again later on.

The default value for the Ensure parameter is Present. When not specifying this parameter, the service application is provisioned.

The parameter SiteNamingConflictResolution accepts three values: Username_CollisionError, Username_CollisionDomain and Domain_Username. More information on each of these parameters can be found at: https://docs.microsoft.com/en-us/dotnet/api/microsoft.office.server.userprofiles.sitenameformat?view=sharepoint-server

NOTE: Due to the fact that SharePoint requires certain User Profile components to be provisioned as the Farm account, this resource and SPUserProfileSyncService retrieve the Farm account from the Managed Accounts. This does however mean that CredSSP is required, which has some security implications. More information about these risks can be found at: http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/

NOTE2: The UpdateProxyGroup parameter fixes the following issue: The User Profile service is looking up the proxy groups to find the correct MMS. Unfortunately it doesn't follow what you configured in Central Administration. Instead it verifies an obsolete ServiceApplicationProxyGroup property of the UPA, which is always pointing to the default proxy group.

It seems that property doesn't get updated for any Service Application when you modify the associations in Central Administration and it can store only one association (while in central administration a Service Application can be added to multiple proxy groups).

Examples

Example 1

This example adds a new user profile service application to the local farm

    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            SPUserProfileServiceApp UserProfileServiceApp
            {
                Name                 = "User Profile Service Application"
                ApplicationPool      = "SharePoint Service Applications"
                MySiteHostLocation   = "http://my.sharepoint.contoso.local"
                MySiteManagedPath    = "personal"
                ProfileDBName        = "SP_UserProfiles"
                ProfileDBServer      = "SQL.contoso.local\SQLINSTANCE"
                SocialDBName         = "SP_Social"
                SocialDBServer       = "SQL.contoso.local\SQLINSTANCE"
                SyncDBName           = "SP_ProfileSync"
                SyncDBServer         = "SQL.contoso.local\SQLINSTANCE"
                EnableNetBIOS        = $false
                PsDscRunAsCredential = $SetupAccount
            }
        }
    }

Example 2

This example adds a new user profile service application to the local farm

    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            SPUserProfileServiceApp UserProfileServiceApp
            {
                Name                 = "User Profile Service Application"
                ApplicationPool      = "SharePoint Service Applications"
                MySiteHostLocation   = "http://my.sharepoint.contoso.local"
                MySiteManagedPath    = "personal"
                ProfileDBName        = "SP_UserProfiles"
                ProfileDBServer      = "SQL.contoso.local\SQLINSTANCE"
                SocialDBName         = "SP_Social"
                SocialDBServer       = "SQL.contoso.local\SQLINSTANCE"
                SyncDBName           = "SP_ProfileSync"
                SyncDBServer         = "SQL.contoso.local\SQLINSTANCE"
                EnableNetBIOS        = $false
                NoILMUsed            = $true
                PsDscRunAsCredential = $SetupAccount
            }
        }
    }

Example 3

This example adds a new user profile service application to the local farm

    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {
            SPUserProfileServiceApp UserProfileServiceApp
            {
                Name                         = "User Profile Service Application"
                ApplicationPool              = "SharePoint Service Applications"
                MySiteHostLocation           = "http://my.sharepoint.contoso.local"
                MySiteManagedPath            = "personal"
                ProfileDBName                = "SP_UserProfiles"
                ProfileDBServer              = "SQL.contoso.local\SQLINSTANCE"
                SocialDBName                 = "SP_Social"
                SocialDBServer               = "SQL.contoso.local\SQLINSTANCE"
                SyncDBName                   = "SP_ProfileSync"
                SyncDBServer                 = "SQL.contoso.local\SQLINSTANCE"
                EnableNetBIOS                = $false
                SiteNamingConflictResolution = "Domain_Username"
                PsDscRunAsCredential         = $SetupAccount
            }
        }
    }
Clone this wiki locally