Export (0) Print
Expand All

Use UPRE to replicate user profiles across multiple farms in SharePoint Server 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013

Topic Last Modified: 2014-04-29

Summary: Learn how to use the User Profile Replication Engine to replicate user profiles across multiple SharePoint farms.

Administrators can replicate user profiles from one SharePoint farm to another by using the User Profile Replication Engine.

In this article:

Before you begin this task, read the following articles:

NoteNote:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Large international organizations can have multiple geographically dispersed SharePoint farms to hold SharePoint My Sites for local users. For example, the following figure shows one farm with 1000 users in Europe, one farm with 1000 users in America, and one farm with 1000 users in Asia. You have deployed the User Profile service application in Europe. When you replicate the user profile information of all farms to all other farms, users in each region will be able to view all user profile information on the local farm. This reduces inter-farm traffic and therefore improves performance. It also improves availability, because a failure of the User Profile service on one farm does not affect other farms.

Figure: Use the User Profile Replication Engine to replicate user files from one farm to multiple farms

Diagram that depicts how to the User Profile Replication Engine to replicate user profiles from the central farm to two regional farms

There are three types of replication:

  • Full replication

    By using full replication, you can replicate all user profile information and some social data (that is, followed people, followed hash tags, and @mentions) to other farms. Usually you perform full replication when you have to do the following:

    • Replicate user profile information from an existing User Profile service application to a newly deployed User Profile service application.

    • Recover data by copying user profile data from an existing User Profile service application profile database or social database.

    To perform full replication, you must be an administrator for the User Profile service application on both source and destination farms. The full replication runs under the security context of the person who starts the full replication.

  • Incremental replication

    Incremental replication replicates changes that are made after the full replication. After full replication is complete, you have to start incremental replication before the time limit specified by the maximum number of days to store the change log. This is to ensure that individual changes are being detected and replicated. By default, the change logs are stored for 14 days. The longer the storage interval, the more time it takes for the User Profile Replication Engine to replicate changes.

    After you run the incremental replication cmdlet described later in this topic, incremental replication is performed automatically at a regular interval. The default interval is 5 seconds.

    Incremental replication is performed through the Replication Engine service. Therefore, on both source and destination farms, make sure that the Replication Engine service is started under the account with which you will run the incremental replication. You must also be a member of the Administrators group for the User Profile service application.

    NoteNote:
    There is a significant difference between full replication and incremental replication. Full replication only supports replication from one source to one destination at the same time, whereas incremental replication supports replication from one source to multiple destinations.
  • Recovery replication

    Recovery replication can fully replicate a specific user or a set of users whose information did not replicate correctly.

    You use recovery replication when you have detected a mismatch in the user profile information on the source and destination farms. It resembles full replication, except that you have to provide an accounts file that specifies the user profiles that you want to replicate from the source farm to the destination farm.

Before you perform either full replication or incremental replication, perform the following tasks:

Ensure that an instance of the User Profile service application already exists in each source and destination farm.

  1. Verify that the user account that is performing this procedure has the Manage Profiles permission for the User Profile service application. For more information, see Delegate administration of User Profile service applications in SharePoint Server 2013.

  2. On the Central Administration website, in the Application Management section, click Manage service applications.

  3. Ensure at least one instance of the User Profile service application is available, and the status is Started.

The User Profile Replication Engine is included in the SharePoint 2010 Administration Toolkit. To use the User Profile Replication Engine, first download and install the SharePoint 2010 Administration Toolkit. For more information, see Installing the SharePoint 2010 Administration Toolkit (SharePoint Server 2010).

By default, network Distributed Transaction Coordinator (DTC) access is disabled. When you do not enable network DTC access on the server, applications can only use transactions that stay on the local computer. For example, transactions cannot flow from a local computer to a database that runs on a separate computer if network DTC access is disabled. To improve the performance of replication, you must enable network DTC access.

For more information, see Enable Network DTC Access (http://go.microsoft.com/fwlink/p/?LinkID=231413).

Before you replicate the User Profile information, back up the following User Profile service application databases on all involved farms:

  • Profile database - used to store user profile information.

  • Synchronization database - used to store configuration and staging information for synchronizing profile data from external sources such as AD DS.

  • Social tagging database - used to store social tags and notes created by users. Each social tag and note is associated with a profile ID.

For more information, see the "Use SQL Server tools to back up a User Profile service application database" section in Back up User Profile service applications in SharePoint Server 2013.

You must add an audience for the User Profile service applications on both source and destination farms. The User Profile Replication Engine uses audiences to identify user profiles on the source farm and those on the destination farm. For more information, see Add, edit, or delete an audience (SharePoint Server 2010).

You must configure trusted My Site host locations to ensure that User Profile data is replicated correctly. When My Site host locations are specified, users are redirected to the single My Site host location that is intended for their accounts regardless of where they are browsing when they attempt to create or access their My Sites. For information, see Add or delete a trusted My Site host location (SharePoint Server 2010).

You can use the Start-SPProfileServiceFullReplication cmdlet to replicate all selected user profile information and social data — including social tags, notes, and ratings — from the source User Profile Service application to the destination User Profile service application.

The User Profile Replication Engine does not replicate data that comes from Active Directory Domain Services (AD DS) because it would automatically be updated from AD DS during profile synchronization.

NoteNote:
Because the User Profile Replication Engine deletes previous entries in bulk before it performs full replication, make sure that full replication only occurs from a master location based on the My Site host location of the currently processed user’s My Site. The potential problem is that the user’s account may be present in a User Profile service application even though that location is not a true master location of the account. For example, User A has a My Site in Farm A, and User B has a My Site in Farm B. User A leaves comments on the My Site that is owned by User B in Farm B. A new user profile entry for User A is then created in Farm B only to store the comments that User A leaves. In this case, to perform full replication, you must set the User Profile service application in Farm A, the master location, as the replication source. If you set the remote User Profile service application in Farm B as the replication source, the user profile created in Farm B for User A and his or her comments will be lost.
To perform full replication by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    • The Manage Profiles permission and the Manage Social Data permission on the User Profile service application for the source and the destination farms.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    Start-SPProfileServiceFullReplication -Destination <String> -Source <String> [-EnableInstrumentation <SwitchParameter>] [-MaxNumberOfThreads <Int32>] [-Properties <String[]>]
    

    Where:

    • Destination: Specifies the URL of the My Site Host to where the user profiles are replicated, for example, http://euro.contoso.com:8081/my.

    • Source: Specifies the URL of the My Site Host from where the user profiles are retrieved, for example, http://hq.contoso.com:8081/my.

    • EnableInstrumentation: Enables detailed logging by using the instrumentation log.

    • MaxNumberOfThreads: Specifies the maximum number of replication threads allowed on the server that is running the User Profile Replication Engine. The value range is between 1 and 100. The default value is 25. The actual number of running threads will be decided dynamically by the User Profile Replication Engine.

    • Properties: Specifies which user profile properties to replicate, for example, "FirstName" or "AboutMe". You can also use the Get-SPProfilePropertyCollection cmdlet to return a collection of all user profile properties. The default value returns all user profile properties. Note that properties that are mapped to the external data source will be overwritten the next time user profiles are imported.

    For example, for the destination farm at http://America.contoso.com and the source farm at http://Europe.contoso.com, the command is:

    Start-SPProfileServiceFullReplication -Destination http://America.contoso.com -Source http://Europe.contoso.com -EnableInstrumentation -MaxNumberOfThreads 15 -Properties "AboutMe", "PictureURL"
    

    NoteNote:
    We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

    Replication begins at the start index and can be stopped by pressing CTRL+C.

    Full replication may take several hours to several days, depending on many factors, such as the performance of the network, the volume of data that you are replicating, and the number of threads allocated for replication.

    If full replication is interrupted, check the log file for the last successful entry and restart the replication process by using the StartAtIndex parameter.

    For more information, see Start-SPProfileServiceFullReplication.

You can use the Start-SPProfileServiceIncrementalReplication cmdlet to replicate changes that are made after the full replication.

To perform incremental replication by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. The first time that you run the incremental replication cmdlet, you must have configured the credentials for the Replication Engine service. You can retrieve these credentials by using the Get-Credential cmdlet. For more information, see Get-Credential (http://go.microsoft.com/fwlink/p/?LinkID=113311).

  4. Make sure the Replication Engine service on both source and destination farms are started and run under the credentials of the User Profile Service account on the source farm.

  5. Assign an account as the administrator for the User Profile service applications on both source and destination farms. To do this, in Central Administration, in the Application Management section, click Manage service applications. Click the row that has the User Profile service application, and then on the ribbon, click Administrators. In the Administrators dialog box, add the User Profile Service account on the source farm as an Administrator, and then grant it Full Control.

  6. Log on to the source farm with the Administrator account for the User Profile service application. At the Windows PowerShell command prompt, type the following command:

    Start-SPProfileServiceIncrementalReplication -Destination <String[]> -Source <String> [-Credential <PSCredential>] [-EnableInstrumentation <SwitchParameter>] [-Properties <String[]>]
    

    Where:

    • Destination: Specifies the URL of the My Site Host to where the user profiles are replicated, for example, http://euro.contoso.com:8081/my.

    • Source: Specifies the URL of the My Site Host from where the user profiles are retrieved, for example, http://hq.contoso.com:8081/my.

    • Credential: Specifies the Replication Engine service credentials the first time you run this cmdlet or anytime you want to change the Replication Engine service credentials. To get the User Profile Replication Engine service credentials, use the Get-Credential cmdlet. For more information, see Get-Credential (http://go.microsoft.com/fwlink/p/?LinkID=113311).

    • EnableInstrumentation: Enables detailed logging by using the instrumentation log.

    • Properties: Specifies which user profile properties to replicate, for example, "FirstName" or "AboutMe". You can also use the Get-SPProfilePropertyCollection cmdlet to return a collection of all user profile properties. The default value returns all user profile properties. Note that properties that are mapped to the external data source will be overwritten the next time user profiles are imported.

    For example, for the destination farm at http://America.contoso.com and the source farm at http://Europe.contoso.com, the command is:

    Start-SPProfileServiceIncrementalReplication -Destination http://America.contoso.com -Source http://Europe.contoso.com -Credential $mycredential -EnableInstrumentation -Properties "AboutMe", "PictureURL"
    

    For more information, see Start-SPProfileServiceIncrementalReplication.

    NoteNote:
    We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.
  7. If you have to stop incremental replication for any reason, use the Stop-SPProfileServiceIncrementalReplication cmdlet. Do not start or stop incremental replication by manually starting or stopping the User Profile Service Replication Engine service by using the Windows MMC snap-in.

The full replication process does not use change tokens and it overwrites data in the destination regardless of changes that you made to it. Therefore, we recommend that you remove all change token files (one per each unique source-destination pair) that were created in previous incremental replication that was run immediately after full replication. This will guarantee that the next time incremental replication for such source-destination pair runs, it retrieves the fresh token from the source and does not rely on the stale token in the file. By default, the token files are stored on the server where you installed the User Profile Replication Engine, in %CommonProgramFiles%\Microsoft\SharePoint 2010 Administration Toolkit\Replication Engine\log, and named in the format of <SourceServerName>#<DestinationServerName>_Timestamp_UPS where <SourceServerName> is the name of the source server and <DestinationServerName> is the name of the destination server.

Whereas removal of a colleague on the source farm is tracked, the User Profile Replication Engine does not replicate account deletions, even though they are captured in the change log by SharePoint components. If any accounts are deleted from the source farm since the last replication, you must manually remove those accounts on the destination farm.

You can use start-spprofileservicerecoveryreplication to perform recovery replication.

NoteNote:
The recovery process replicates the same subset of properties from the source account as specified in parameters that are passed to cmdlet, or all if none are specified. But, during recovery replication, values of properties are retrieved directly from the source user profile, not from the change log. It means that those properties will be retrieved and updated even they are not changed, or for some reason changes are not logged in the change log store.
To perform recovery replication by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. Before performing recovery replication, you must prepare an accounts file. This file can be either the failed accounts file that is created during an instance of full replication, or you can manually create a .txt or .rcv file that contains one user profile account per line, for example:

    Domain1\User1

    Domain1\User2

    Domain2\User1

    Domain2\User2

    Domain2\User3

  4. At the Windows PowerShell command prompt, type the following command:

    Start-SPProfileServiceRecoveryReplication -Destination <String> -FileName <String> -Source <String> [-EnableInstrumentation <SwitchParameter>] [-Properties <String[]>]
    

    Where:

    • Destination: Specifies the URL of the My Site Host to where the user profiles are replicated, for example, http://euro.contoso.com:8081/my.

    • Source: Specifies the URL of the My Site Host from where the user profiles are retrieved, for example, http://hq.contoso.com:8081/my.

    • FileName: Specifies the location of the accounts file. This file can be either the failed account file created during an instance of full replication or you can manually create a .txt or .rcv file that contains one user profile account per line.

    • EnableInstrumentation: Enables detailed logging by using the instrumentation log.

    • Properties: Specifies which user profile properties to replicate, for example, "FirstName" or "AboutMe". You can also use the Get-SPProfilePropertyCollection cmdlet to return a collection of all user profile properties. The default value returns all user profile properties. Note that properties that are mapped to the external data source will be overwritten the next time user profiles are imported.

    For example, for the destination farm at http://America.contoso.com and the source farm at http://Europe.contoso.com, the command is as follows:

    Start-SPProfileServiceRecoveryReplication -Destination http://America.contoso.com -FileName "d:\accounts.txt" -Source http://Europe.contoso.com -EnableInstrumentation -Properties "AboutMe", "PictureURL"
    

    For more information, see Start-SPProfileServiceRecoveryReplication.

NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

You can enable and view the instrumentation log to monitor the replication process by using the EnableInstrumentation parameter. When the instrumentation log is enabled, the cmdlet logs instrumentation information in the file that is named Full_<TmeStamp> for full replication or Inc_UPS_<DestinationServerName> for incremental replication, under %CommonProgramFiles%\Microsoft\SharePoint 2010 Administration Toolkit\Replication Engine\log, on the server where you installed the User Profile Replication Engine.

The following table lists the log files that the User Profile Replication Engine generates during incremental replication.

Log files for incremental replication

Log file Description

Inc_UPS_Err

Stores error messages.

Inc_UPS_Err_Acct

Stores accounts that had errors during replication. These accounts are used by recovery replication.

Inc_UPS_Instrumentation

If you use the EnableInstrumentation parameter, verbose log entries are written in this log file.

IncrementalManager_Err_Start

Stores high-level exceptions that are captured during incremental replication.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft