Requirement

Publish the User Profile service application from test farm to development farm. Not having to provision a new UPS for each developer saves me a huge amount of time and headache!

Solution

Ensure that UPS is set up and working correctly in your test environment.

1. In your test environment:

  1. Export your root certificate to C:\ using the following PowerShell commands:

     $rootCert = (Get-SPCertificateAuthority).RootCertificate
     $rootCert.Export("Cert") | Set-Content C:\ProviderFarmRoot.cer -Encoding byte

You should now have one file:

C:\ProviderFarmRoot.cer

2. In your dev environment:

  1. Export your root certificate to C:\ using the following PowerShell commands:

     $rootCert = (Get-SPCertificateAuthority).RootCertificate
     $rootCert.Export("Cert") | Set-Content C:\ConsumingFarmRoot.cer -Encoding byte

  2. Export your STS certificate:

     $stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
     $stsCert.Export("Cert") | Set-Content C:\ConsumingFarmSTS.cer -Encoding byte

You should now have two files:

C:\ConsumingFarmSTS.cer
C:\ConsumingFarmRoot.cer

3. Set up a trust relationship on your test environment.

  1. Test Farm -> Central Administration -> Security -> Manage Trust.
  2. Click on New to create a new trust relationship.
  3. Call it ‘Dev Farm Trust’.
  4. Set the Root Certificate to ConsumingFarmRoot.cer.
  5. Set the STS Certificate to ConsumingFarmSTS.cer.
  6. Click OK to save.

4. Set up a trust relationship on your dev environment.

  1. Dev Farm -> Central Administration -> Security -> Manage Trust.
  2. Click on New to create a new trust relationship.
  3. Call it ‘Production Farm Trust’.
  4. Set the Root certificate to ProviderFarmRoot.cer.
  5. Leave the STS Certificate blank.
  6. Click OK to save.
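
The dev-farm trust from step 4 can also be created from the SharePoint Management Shell, checking first that the copied ProviderFarmRoot.cer is the certificate the test farm actually exported. This is an added example, not part of the original post; `$expectedThumbprint` is a placeholder to be filled in from the test farm.

```powershell
# Added example (not from the original post). Run on the dev (consuming) farm
# in the SharePoint Management Shell after copying ProviderFarmRoot.cer over.
#
# $expectedThumbprint is a placeholder. Read the real value on the test farm with
#   (Get-SPCertificateAuthority).RootCertificate.Thumbprint
# and carry it over separately from the .cer file itself.
$certPath           = 'C:\ProviderFarmRoot.cer'
$expectedThumbprint = '<thumbprint noted on the test farm>'
$trustName          = 'Production Farm Trust'

# Load the public certificate from the exported file.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Normalise both values: thumbprints copied from a certificate dialog
# often contain spaces or mixed case.
$actual   = $cert.Thumbprint.ToUpperInvariant()
$expected = ($expectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

if ($actual -ne $expected) {
    throw ("Thumbprint mismatch for {0}: got {1}, expected {2}. Trust not created." -f `
        $certPath, $actual, $expected)
}

# Reject a certificate that is not yet valid or has expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw ("Certificate {0} is outside its validity period ({1} to {2})." -f `
        $cert.Subject, $cert.NotBefore, $cert.NotAfter)
}

# Do not silently create a second trust under the same name.
if (Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $trustName }) {
    throw "A trusted root authority named '$trustName' already exists."
}

# Equivalent of Manage Trust -> New with only the Root Certificate set.
New-SPTrustedRootAuthority -Name $trustName -Certificate $cert
```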

5. Get the farm guid of your dev farm.

Type the following command in PowerShell:

(Get-SPFarm).Id

Take note of the farm ID; you will use it later.

Set permissions on the Application Discovery and Load Balancer Service Application

You must grant the dev farm rights to connect to the test farm’s Application Discovery and Load Balancer service.

To do so:

# Read the current ACL of the Application Discovery and Load Balancer (topology) service
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
# Replace <Consuming Farm ID> with the dev farm ID noted in step 5
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue "<Consuming Farm ID>"
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
# Write the updated ACL back to the service application
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

6. Check that the correct permissions have been assigned:

  1. Go to Central Administration -> Manage Service Applications
  2. Select Application Discovery and Load Balancer service -> Permissions
  3. You should see: Remote Farm: <Consuming Farm ID> – Full Control.
  5. Click OK to close.

7. Publish the User Profile Service in your test farm:

  1. Select the User Profile Service in your test farm -> Publish
  2. Connection Type -> http / https (depends on your environment).
  3. Publish to other farms: Yes (tick).
  4. Description: <your description>
  5. Now, before you click OK, highlight the entire published URL and copy it.
  6. Click OK to save.

8. Connect your dev farm to the User Profile Service.

  1. Go to Central Administration in your dev farm -> Manage Service Applications
  2. Click Connect -> User Profile Service Application Proxy.
  3. Paste in the published URL you copied in step 7.5.
  4. Click on OK.
  5. If it connects, you should see the User Profile Service Application from the test farm.
  6. Click on it and click OK.

Your dev farm should now be consuming UPS data from your test farm.

*Note: if you want search on your development farm to crawl the user profiles in your test farm, you will need to assign the appropriate permissions to the User Profile service application on your test farm.