Designing User Profiles and Memberships
You may want to augment the profiles in the out-of-the-box profile database to suit your needs. Your organization may have specific properties associated with users that, if identified, could be useful in connecting people with similar expertise or skills as well as related job tasks. The complexity of your organizational structure may dictate that you plan ahead when defining or importing profile information—especially because in this version of SharePoint you can import profile information from a variety of sources, including Active directory, other LDAP-based identity management systems, external data defined in the Business Data Catalog, custom sources via the User profile object model, and properties manually created by the administrator and edited by users.
Determining user profile fields
Each user profile contains information about a single user. This profile is a set of name/value pairs that describe the user’s personal information and information related to your organization. This information can be listed, searched, and displayed to other users in your organization. Index Server crawls the user profile store to get available user information.
Information about the people in your organization is stored in user profiles within Profile Services. Profiles Services is managed by the services administrator who has additional permissions not available to Shared Services Provider (SSP) administrators. Administrators for Profile Services import information about people from your directory services, such as the Active Directory service and Lightweight Directory Access Protocol (LDAP). When you plan an initial deployment of Microsoft Office SharePoint Server 2007, you need to plan your Profile Services connections and directory services, plan which properties of user profiles are used, determine the policies for displaying and editing user profiles, and decide how user profiles are consumed by other personalization features such as custom applications and personalization sites.
MOSS 2007 provides a search scope for searching for people specifically. Understanding your organization and what information differentiates people is the first step in determining which profile properties and fields to use.
Before you can personalize the sites and content within your organization, you have to understand what information is useful for people to know about each other, how they work together, and who they are.
Planning for user profiles consists of starting with the default properties of user profiles in Office SharePoint Server 2007, identifying the connections to directory services (to supplement the default properties with the information about people you already have), and considering additional business data that enables you to connect people to line-of-business applications. The key planning principle is consistency across data sources for all people in your organization. Planning decisions should be written down and be easily referred to when managing your deployment.
Profile Services enables you to configure and schedule the collection of information about people in your organization across directory services and other business applications so that timely and consistent information is always available to you. Information about people is synchronized across your deployment to all site collections that use the same SSP. This information can also be used by personalization features to increase the value and relevance of collaboration features and relationships within your organization.
When you click My Site for the first time your user profile is automatically created for you. During profile creation, Microsoft Office SharePoint Server 2007 attempts to retrieve data from the Active Directory service, which is configured by your server administrator. If your environment doesn’t have directory services available such as AD as an import source, you must enter their user profile properties manually. After user profiles are imported or added, you can update profile information by editing each user’s profile. Editing user profiles does not change the set of properties displayed in that user profile. You can edit, add, or delete the profile properties on the View Profile Properties page in the User Profile Properties section of the SSP administration page.
User profiles and properties are available to administrators from the User Profiles and My Sites section of the Shared Services Administration page. Every site using the same SSP receives the same basic set of properties from the user profile store and displays them in the site’s user information list. This allows SSP administrators to manage profile properties in a central place. Depending upon your particular business needs, site collection administrators cannot add properties to user profiles, but they can add properties to the user information list for certain people. When you plan your user profiles, you’ll need to consider several factors:
Educate yourself about your existing and planned directory services. The foundation for your user profiles is derived from the information available in these services. You will need to determine what properties you will designate as your core user profile based on those that are relevant across your organization (or across the SSP if your organization has multiple sets of shared services). To make the most of your deployment, it is essential that you include properties that can be used to create audiences for targeting content and finding people, and that can be used when establishing relationships between colleagues and work groups. Review the list of properties in directory services for starters and the default properties provided by Office SharePoint Server 2007, and then you can modify that list according to these considerations.
Review the line-of-business applications you use that have information about people. Ask yourself whether or not these properties can be mapped to the properties of directory services. It’s a good idea to write down these mappings in a spreadsheet or list and note which mappings should have priority if there should a conflict. Make sure you add the line-of-business applications you’ll use to your list of business applications. They must be identified and registered in the Business Data Catalog. You will want to integrate this information into your business intelligence planning.
Ask yourself what other, if any, non-people-related business application properties might be useful for people in your organization. You can use these properties in personalized Web Parts to target business data to audiences.
Be conscious of the number of people in your organization and how often information in your directory services changes. This will help you determine how often to schedule Profile Services to import. The frequency of scheduled imports depends upon the number of records, how extensively you’re using personalization features, and when imports will have the least impact on availability and performance. It is important the administrator of these services knows this information for inclusion in deployment planning.
Try to anticipate what profile properties you will need at the site level. It’s possible to manage this centrally, but you may also choose to leave this up to the discretion of each site collection administrator.
Note
The My Site public profile replaces the Microsoft Windows SharePoint Services user profile when Office SharePoint Server 2007 is installed. If your deployment of Office SharePoint Server 2007 is installed over a Windows SharePoint Services installation, take into account that your existing user profile information will be replaced.
MOSS 2007 comes default with a set of properties and policies. Review these properties and the policies that apply to them before you decide what changes you’ll make, which properties you’ll keep or remove, and what properties to create as additions to the default set.
The properties imported from your directory service and the default properties included with MOSS 2007 may be supplemented with properties that you create for tracking additional information not available from other sources and that you consider key to people within your organization.
You should plan to add properties at the SSP or site collection level depending upon the business needs you identified in earlier planning. Key business needs can often be addressed by creating new properties that associate people with important business processes or skill sets. For your information architecture, consider if there should be a custom profile property that should correspond to each major concept to link people to information related to that concept. These custom properties can be used by the search service to find people, or by personalization features in MOSS 2007 to target content to people. Remember that any property can be hidden but still used to tie people and information together. You can choose to make Profile Properties invisible or visible on public profiles or My Sites. Therefore, they can be useful for search or personalization without being displayed to all users in public profiles or My Sites.
If you spend a lot of time thinking about and identifying many of the concepts related to your organization, you might end up with a very large property list. We recommend you prioritize that list to limit the properties to the most important concepts that will become custom profile properties and make your user profiles more valuable. Don’t worry about making the right choice now. You can always identify relevant properties in the course of daily operations and add them later. It’s possible that the out-of-box properties in MOSS 2007 and properties imported from your directory service may be most of what you need, but this exercise is still considered worthwhile in case there are any obvious needs.
When you identify valuable custom properties to add or find default MOSS 2007 ones valuable, you can define them as property choice lists. Profile Services administrators can suggest values or limit the values for any property by defining the list of suggested or approved choices. The managed list of choices then appears to users in a drop-down list for that property. You can either configure the Property choice list selection to be up to the user, or you may define the list of choices that can be added manually or imported from (or exported to) a comma-delimited file. A defined property choice list is a powerful way to control useful suggested values for a custom property. You can also decide to prevent the inclusion of irrelevant values by completely limiting the choices to your defined list.
If you want, users can select multiple values from property choice lists pertaining to the same property. For example, your custom property choice list can be used to enable employees to choose their relevant technical skills and other relevant skills, all of which appear as values for the property.
Here is an example of using a defined property choice list to make information easier to find and promote collaboration. After adding a custom property for users to define their area of expertise, the SSP: administrator identifies the top fifteen areas of expertise most relevant to users in your organization. Adding these values as your defined property choice list and allowing users to associate themselves to an area of expertise will help users find users with specific expertise easily. If the search administrator maps the same property and the site collection administrator can identify Best Bets associated with keywords for each area of expertise, people can search for common keywords and experts for each relevant area will appear at the top of search results.
Establishing mapping between profile properties and your directory service
After reviewing the information detailed earlier in this chapter, you are ready to connect to your directory service and map user profile properties to Profile Services. After you have them connected and mapped, you can see the results by using the features in your Microsoft Office SharePoint 2007 deployment.
Profile Services is used to connect people-based properties of data sources such as line-of-business applications and directory services (primarily Active Directory and LDAP) with user profiles and properties that enable many of the features of Office SharePoint Server 2007.
You can access Profile Services from the SSP administration pages. From the Import Connections link on the User Profiles and Properties administration page, you can connect directly to Active Directory or LDAP in order to import user profiles from those sources into Office SharePoint Server 2007. Services administrators select the properties from directory services to import to user profiles.
We will use connecting to AD in this example to help you become familiar with connecting Profile Services to directory services.
To begin the process of mapping your profile properties to your directory services (for these steps you must be using a server added to your domain):
1. | |
2. | |
3. | In the User Profiles and My Site section, click User profiles and properties. |
4. | Next to Import Source, click Configure Profile Import. |
On the Configure Profile Import page, you can specify the source to import data from as the current domain, entire forest, or custom source. For this exercise, leave the default radio button selected (Current Domain). For the Default Access Account section, you can leave the Use Default Content Access account radio button selected as long as the default access account configured on your server has read access to your active directory, as shown in Figure 6.4. If the Default Content Access Account does not have read access to your AD, you will need to specify another account for the Profile Services to use.
Note
To perform incremental imports, the account must have the Replicate Changes permission for Active Directory provided by Windows 2000 Server. The permission is not required for Windows Server 2003 Active Directory.
In the following two sections, Full Import Schedule and Incremental Import Schedule, you can set scheduled times for Profile Services to import updates to your AD. If your organization experiences regular changes in your directory, you may want to schedule regular imports. Updates to users’ profile information will be captured during an incremental import. This type of import has little impact to the AD in terms of resource usage. The Full import grabs all of the records from the AD, so it is a more intense operation, but it is the only way that users that have been removed from the AD will also be removed from the Profile Service. You may want to schedule incremental imports every night while there is little or no network traffic, and full imports on the weekend where you are sure to pick up removed records as well.
After you have specified the right schedule for your organizational needs:
1. | Click OK. |
2. | Click Start Full Import. The Profile Import Status shows the state as Enumerating and then Importing while the import is in process. |
3. | Click Refresh on the page (the import may take a while depending on the size of your AD). The Profile Import Status will say Idle after the full import has completed. |
During the initial import, Profile Services automatically maps as many default MOSS 2007 Profile Properties to your AD Profile Properties as possible. You can see the number of errors reported in the Last import errors section of the Profile and Import Settings section. To see if your import was successful, you can:
1. | Look at the Number of properties mapped in the User Profile Properties section to see if any of the existing MOSS 2007 profile properties have been automatically mapped to your AD, as shown in Figure 6.5. |
2. | You can also click View profile properties at the bottom of the page in the User Profile Properties section to see which properties were mapped, as shown in Figure 6.6. Figure 6.6. View of the MOSS 2007 Profile Properties mapped to your AD properties
|
These steps should have successfully connected your Directory Service (AD in this case) to your Profile Services. Next, you will want to make sure that each Directory User Profile property is mapped correctly to your MOSS 2007 Profile Service. The next section introduces you to creating these mappings by walking through a series of steps. One of the default properties included in the MOSS 2007 default User Profile is an HTML property called About me. Let’s assume that the description of a person in your organization is important for other users to see, but you already control this by managing this property in the Description field of each user’s AD entry as shown in Figure 6.7. To override and map the existing AD property to the default MOSS 2007 property:
Figure 6.7. Active Directory user Description profile property
1. | Click View Profile Properties in the User Profile Properties section of the User Profiles and Properties page of Shared Services1. |
2. | Scroll down until you locate the Property Name About me. |
3. | Hover over About me. This is the MOSS 2007 property that we are mapping to AD. |
4. | Click on the drop-down arrow on the right of the menu. |
5. | Select Edit, as shown in Figure 6.8. On this page you are able to manage all of the Profile Property settings. For example, you can edit the Display Name of the property that shows up in the user profile page, User Description that shows up on the page for editable properties, Policy Settings (as it appears in MOSS 2007), Edit Settings, Display Settings, Search Settings, and Property Import Mappings. |
6. | Scroll to the bottom of the page and select the drop-down box labeled Data source field to map, as shown in Figure 6.9. |
7. | Select adminDescription from the list. |
8. | Click OK. |
Now you’ve mapped your AD profile property adminDescription to your MOSS 2007 User Profile property About me.
Note
When a profile property is mapped to AD or another LDAP directory service, users can no longer edit it.
You can also add business data properties that contain information about people to existing user profiles by connecting to the Business Data Catalog, selecting a relevant entity from a registered business data application, and either mapping that entity to an existing profile property or adding it as a new property. These properties augment the existing profiles imported from directory services.
Note
You cannot create or import entirely new user profiles from the Business Data Catalog. You can add the data only to existing user profiles.
You can import the properties from all of these sources into user profiles by connecting to the relevant service or database and mapping the unique identifier for each property in the shared service to the unique identifier of the corresponding property in the business application. These connections can be made regardless of the authentication method used by the business application.
The Profile Service maintains the connections with the relevant business applications and updates the properties of user profiles during regularly scheduled imports from all relevant data sources. Data is not exported, however, so the user profile database cannot overwrite the source databases.
Designing audiences
Your use of the Audience features in MOSS 2007 is dependent on how you manage and design other administrative features in your organization. When you do your planning for how you use Audience features, you will want to understand and use the following information:
- Understand and plan your organization’s AD security and user management.
- Design and implement your user profile strategy.
- Plan your distribution lists and SharePoint groups.
- Plan your deployment of sites and site collections.
After becoming familiar with the previous four points, you are ready to begin your audience planning. In your initial deployment you should record all distribution lists, SharePoint groups, and the purpose you have identified for creating each site collection. After you have this information identified, you can condense and group that information into a small number of audiences that best represent the important groups of users in your organization.
Some of your needs to target content to specific groups of people may require creating new SharePoint groups with audiences in mind. Each site collection will generally have a focused set of business processes associated with a group of users, and custom SharePoint groups can be used to define an audience as precisely as your planning allows. If you combine those groups with existing SharePoint groups, AD groups, user profile properties, and distribution lists, you should have a list of audiences that meet the needs of the groups of users who are using each site collection. You can use the following audience rules to maximize their value:
Audiences based on user profile properties include a logical operator that is used to evaluate the property.
Organization hierarchy is recorded in the user profile and is viewable in the My Site Web Parts.
User memberships such as distribution lists or AD groups can be used and also appear in My Site.
Audiences can also be created directly from distribution lists and SharePoint groups. These can be used to define an audience without having to build complex rules. With thoughtfully managed groups and distribution lists, you may already have groups of users that can easily be managed as audiences.
One natural starting point when creating new audiences may come from existing teams of users that are already working together. You may also start creating relevant audiences quickly by using existing mature business processes, cross-group projects, and current site structures. These groups of users can sometimes easily be translated into useful audiences. Organizational reporting structure is another fairly straightforward place to get started.
Audience planning may also cause you to think differently about your current distribution lists, user profile properties, SharePoint groups, site structures, and security groups, and possibly identify areas where you can improve them. If during your planning you think of a group of users to whom you want to target content and there are no existing SharePoint groups, distribution lists, or user profile properties to tie them to an audience, it’s a good idea to document them and plan for adding or editing those groups, lists, or user properties.
Designing and creating your audiences is half of the equation. After you have your audiences defined, you’ll want to make use of them to target content, highlight relevant information to the proper users, and reduce the amount of irrelevant information to users.
In MOSS 2007, you target content to users in the following ways:
List item or Web Part
Using the My Site navigation bar to target personalization sites
As part of the discovering servers feature
By targeting Web Parts by audience
Targeting by list item or Web Part
Any Web Part available can be targeted to specific sets of audiences. You can add those audiences to the Target Audiences text box in the Advanced section of the Web Part’s tool pane. To change this setting on any of your Web Parts, follow these steps:
1. | Navigate to the page you want to target content to audiences. |
2. | |
3. | Click Edit Page. |
4. | Click Edit on the Web Part you would like to modify (see Figure 6.11). Figure 6.11. Edit menu for Web Parts
|
5. | Click Modify Shared Web Part. |
6. | In the tool pane of the Web Part, scroll to the bottom. |
7. | Expand the Advanced section. |
8. | Again, scroll to the very bottom of the tool pane. |
9. | Click the Address book icon in the Target Audiences section. |
10. | |
11. | Type Managers in the Find text box. |
12. | Click the hourglass. |
13. | Select the Audience that appears in the picker results box. |
14. | |
15. | Click OK. |
16. | Click OK in the Web Part tool pane. |
17. | Click Publish on the Page Editing toolbar. |
Now only members of the management group you selected will see that Web Part when they navigate to that page. Other users of the site that are not in that group will not see that content.
You can use Audiences to target content to users in many ways by using different Web Parts available in MOSS. One of the best Web Parts to use within a site collection for this purpose is the Content Query Web Part.
Many SharePoint site templates, such as team collaboration sites, and pages have the Content Query Web Part available by default. You can target content in these three ways:
You can group results by filter options or audience. Often this Web Part is used to target content both by Web Part and by list item.
Display list items from multiple hierarchical levels across a site collection.
You can target specific list items to specific audiences by using the Content Query Web Part. Even when those list items appear in pages or Web Parts, only the individual list item is targeted to an audience.
Targeting content by using Trusted My Site host locations
In a global deployment that has geographically distributed shared services or other scenarios, some users may have access to more than one My Site host location. In these scenarios, your SSP administrator for each SSP manages a list of Trusted My Site host locations across all SSPs and then targets each location to the audiences of users who need to view them.
Your Trusted My Site host locations are processed in priority order within the list. Each user sees personalized information that is most relevant for the My Site he or she is viewing. Personalization information is available even if individual SSPs are unavailable due to geography. During your initial deployment, as in most deployments, there will be only one SSP; therefore, you will typically not need to configure this feature. Target by using the My Site navigation bar.
Personalization links that are presented in the My Site top navigation bar can be targeted to audiences as well. SSP administrators can add these links. In this way, personalization sites that may be relevant to one group of users and not another can be targeted to them and placed in context of their daily activities. The SSP administrator can target links so that they appear only for users for whom the personalized content in the site is relevant.
Using Web Parts that filter by audience
A group of powerful Web Parts called filters can be connected to other Web Parts and provide filter criteria to control what information appears based on certain properties. These available properties vary from filter to filter, but one of the options available is to filter by audience. You can imagine how useful it may be to filter business data by audience so that business intelligence information is relevant to each user or group of users. Tying these features together enables you to provide relatively complex calculations or business analysis in your displayed results.
Managing memberships
Users can have a relationship to other users in your organization depending on how you design your MOSS 2007 deployment site structure. These relationships appear on the public profile page for each user as well as on each person’s personal site, illustrating connections between different people depending on how they use the sites in your organization. The administrators for the SSP can also see in Profile Services information about these people and their relationships. This information includes:
Memberships of distribution list
Memberships of security groups (including by default groups that are e-mail enabled)
Site membership (a view of global memberships for each person)
Colleagues (accomplished by using the In Common With Web Part and My Colleagues Web Part)
Thinking about how relationships between users are identified based on memberships will help you plan your site collection structure. People become members when you add them or a group they are in to the Member group for each site. You should consider having a site for each key business process in your organization and include the relevant people to that process in the Site’s Members group.
Distribution lists and security group memberships exist for all but the newest of organizations. If you are not responsible for security in your organization, you will want to connect with the person responsible for security planning and educate them about how MOSS 2007 uses memberships to ensure people have the correct permission levels to do their jobs. Organizational policies and architecture will also need to be considered in your planning.
Early in your deployment it is recommended that you review and reorganize distribution lists to reflect your planned information architecture. Unused or redundant distribution lists can be discontinued, and new distribution lists can be created to meet additional needs.
Colleagues are automatically identified based on your organization hierarchy imported from your directory services such as AD. Your colleagues include all people within your immediate work group, including your manager, peers, and any employees that report to you directly. No specific planning is needed to make these connections. In some organizations there may be key relationships between people on teams that work on projects together from time to time. You or management may want to add My Colleagues lists for certain cross-teamwork groups. SSP and site collection administrators should also encourage managers to make these changes early in the deployment, and encourage them to review the organizational hierarchy in their My Site so they can verify their organizational hierarchy and make changes to directory services if needed.
During the planning phase for people and their relationships, start with planning for membership in sites, SharePoint Groups based on security considerations, distribution lists, your organizational hierarchy, and the roles of individuals and teams of people in your organization. Consider how people currently collaborate, based on common managers or common tasks across work-groups, and then consider ways in which you might improve that collaboration with new distribution lists or groups, or by adding people as colleagues. Think about other functionality that relies on membership in these groups. For example, membership can be used to target content to specific audiences.