People Search relevance is not optimized when the Active Directory has errors in the manager reporting structure

Tags: SharePoint, Admin, User Profiles

 

‚ÄčI see a lot of SharePoint farms that have the Health Analyzer “People Search relevance is not optimized when the Active Directory has errors in the manager reporting structure” configuration warning (http://technet.microsoft.com/en-us/library/hh867937.aspx). Most admins specify the “Profile Leaders” (e.g. c-level executives or the CEO who reports to the board) using the PowerShell cmdlets listed in the explanation of the warning:
 
$upaProxy = Get-SPServiceApplicationProxy <AppID>
Add-SPProfileLeader -ProfileServiceApplicationProxy $upaProxy -Name "<Domain\UserName>"
 
This is a good first step and it will correct the warning for users that shouldn’t have managers, but to keep our environments as healthy as can be (and to leverage the Manager AD attribute in other scenarios), we should produce a list of users who have no manager defined (AD Attribute “Manager” with the value of NULL) and have the AD folks update the user objects. That's what this blog post will show you how to do.
 
Let’s get started. Fire up a SharePoint PowerShell console with a user who is a User Profile administrator and complete the following steps:
 
Get a SPSite reference to the MySite host:
$site = Get-SPSite http://mysite
 
With the site reference, get a SharePoint Service Context:
$context = Get-SPServiceContext $site
 
Using that context, new up a UserProfileManager object:
$upm = New-Object Microsoft.Office.Server.UserProfile.UserProfileManager $context
 
Now, dump all of the profiles to a variable:
$profiles = $upm.GetEnumerator()
 
Filter out the profiles without managers:
$profilesWithoutManagers = $profiles | Where {$_["Manager"].Value -eq $null}
 
Finally, create a nice text file to email to your AD team (or to yourself if you are the SharePoint team AND the AD team!) so they can indentify and populate the manager attribute for all users in AD:
$profilesmanagernull | select @{name="UserName";expression ={$_.Multiloginaccounts}}, DisplayName >> <PATH/TO/OUTPUT/FILE>
 
Here are all of the PowerShell steps in one block for convenience:
 
$site = Get-SPSite http://mysite
$context = Get-SPServiceContext $site
$upm = New-Object Microsoft.Office.Server.UserProfile.UserProfileManager $context
$profiles = $upm.GetEnumerator()
$profilesWithoutManagers = $profiles | Where {$_["Manager"].Value -eq $null}
$profilesmanagernull | select @{name="UserName";expression ={$_.Multiloginaccounts}}, DisplayName >> <PATH/TO/OUTPUT/FILE>
 
And that’s it. When all of the AD users have managers defined, you’ll have a much better overall environment with solid user data and well tuned people search relevancy. This process is also an opportunity for a good cross-team talk with the AD group to get insight into how they create users and to suggest collecting or updating fields like the Manager attribute regularly. From a development perspective, it’s always a benefit to have quality data in your directory for SharePoint.
 
After introducing this process to admins, I also suggest that Service Accounts are created in a separate OU or container so they can be excluded from the User Profile import. If that’s not possible, try to have a naming convention for Service Accounts so you can use string based rules for account exclusion. For example, name all Services Accounts with the "svc-" prefix and create a UPA import rule to exclude all accounts that begin with that string.

No Comments

Add a Comment