How it works: MOSS 2007 User Profile Import

  • Article

I often face the problem of missing documentation of MOSS 2007 operations at high level, it is documented how to configure it and the very low level details in protocol specification.

Profile import is using the crawler component of MOSS search. A user profile import is actually a crawl of special content - people.

It is using the same pipeline mechanism with mssearch.exe and mssdmn.exe , the difference is that during profile import the crawler uses a protocol handler written for AD,  LDAP connections to handle AD users, groups and AD/LDAP properties.

LDAP and AD connections are called primary connections because these can import new user profiles. BDC connections are called secondary since they can only add supplementary properties to already imported user profiles from custom data source like SQL or other enterprise applications.

The integration can also be noticed when you check the import log which is the same as the crawl log.user profile import log

Profile import is using two special content sources PEOPLE_IMPORT and PEOPLE_DL_IMPORT and uses with a special start url using spsimport:// prefix.

dlimportlog 

User profile import process has 5 main steps:

  1. Enumerating and caching DC connections based on the import settings.
  2. Enumerating users from AD or LDAP repository using the specified filter. This step will add each detected user to the crawl queue.
    enumerating 
  3. Getting profile properties according to the mappings and default columns user by user using the crawl queue and update the temporary tables and commit changes in batches.
    importing
  4. Importing group information (PEOPLE_DL_IMPORT using start address suffixed by $$$dl$$$) based on the memberof properties of the imported users. (so only those groups get into the SSP database where the group contains a member imported and the DC/LDAP server returns valid memberof field for that user – this due to performance reasons)
  5. Computing recursive membership information in SQL SSP database: flattening hierarchical group membership tree  to be able to resolve users quickly. This time the application servers seem to be idle, SQL server is doing this part of the import.

Incremental profile imports are supported when the AD connection account has rights to query the replication changes from the DC.

More information:

User Profiles and Audience Targeting Overview

https://msdn.microsoft.com/en-us/library/ms573802.aspx

Managing User Profile

https://technet.microsoft.com/en-us/library/cc263325.aspx