Tuesday, October 28, 2014

Set Cache Super Reader and Super User Account for SharePoint with Claims and ADFS as Identity Provider

This script is the right one I've used to set up the Cache Super User and Cache Super Reader accounts for a web application whose authentication settings are Claims with ADFS as the IdP.
These users are very important for a SharePoint web application: if you don't set them up correctly, you will probably end up in an Access Denied condition for every user accessing the web application.
Both users must also be part of the "Policy for Web Application", with Full Control and Full Read permissions respectively.

Here's the script. Be careful: the claims principal and the super user string must match your IdP configuration. In my case windowsaccountname (samAccountName) was used as the identity name identifier.

# Run from the SharePoint Management Shell
$mgr = Get-SPClaimProviderManager
$tp = Get-SPTrustedIdentityTokenIssuer -Identity "IDPName"

# Build the encoded claim string for the super user
$superuser = "NewSPCacheSUser"
$superuserclaim = New-SPClaimsPrincipal -ClaimValue $superuser -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" -TrustedIdentityTokenIssuer $tp
$superuserclaimstring = $mgr.EncodeClaim($superuserclaim)

#set read user to windows account (claims based)
$readuser = "NewSPCacheSReader"
$readuserclaim = New-SPClaimsPrincipal -ClaimValue $readuser -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" -TrustedIdentityTokenIssuer $tp
$readuserclaimstring = $mgr.EncodeClaim($readuserclaim)

# Replace with the URL of your web application
$webappurl = "https://fqdn.of.my.webapp"
$webApp = Get-SPWebApplication $webappurl

#SuperUser
$policy = $webApp.Policies.Add($superuserclaimstring, $superuser)
$policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
$policy.PolicyRoleBindings.Add($policyRole)
$webApp.Update()

#ReadUser
$policy = $webApp.Policies.Add($readuserclaimstring, $readuser)
$policyRole = $webApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead)
$policy.PolicyRoleBindings.Add($policyRole)
$webApp.Update()

#$webApp = Get-SPWebApplication webappurl
$webApp.Properties["portalsuperuseraccount"] = $superuserclaimstring
$webApp.Properties["portalsuperreaderaccount"] = $readuserclaimstring

$webApp.update() 
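
A check you can run after the script above to confirm that the two cache account properties and the web application policy agree, which is the mismatch that leads to the Access Denied condition. This is an added example, not part of the original script; $webappurl is a placeholder.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webappurl = "https://fqdn.of.my.webapp"   # placeholder: your web application URL
$webApp = Get-SPWebApplication $webappurl
$mgr    = Get-SPClaimProviderManager

# Property name -> policy role the referenced account must hold
$expected = @{
    "portalsuperuseraccount"   = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl
    "portalsuperreaderaccount" = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead
}

foreach ($key in $expected.Keys) {
    $account = $webApp.Properties[$key]
    if ([string]::IsNullOrEmpty($account)) {
        Write-Warning "$key is not set on $webappurl"
        continue
    }

    # Decode the stored string to see which claim type, value and issuer it carries
    try {
        $claim = $mgr.DecodeClaim($account)
        Write-Output "$key -> type=$($claim.ClaimType) value=$($claim.Value) issuer=$($claim.OriginalIssuer)"
    } catch {
        Write-Warning "$key ($account) could not be decoded as a claim string"
    }

    # The same encoded string must appear as a user in the web application policy
    $policy = $webApp.Policies | Where-Object { $_.UserName -eq $account }
    if (-not $policy) {
        Write-Warning "$key ($account) has no entry in the web application policy"
        continue
    }

    $roles = @($policy.PolicyRoleBindings | ForEach-Object { $_.Type })
    if ($roles -contains $expected[$key]) {
        Write-Output "$key OK: bound to $($expected[$key])"
    } else {
        Write-Warning "$key ($account) is bound to [$($roles -join ', ')], expected $($expected[$key])"
    }
}
```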

Monday, September 8, 2014

HowTo Create SPFarm (SharePoint Farm) with Powershell

After the binary installation of SharePoint, do not run the configuration wizard to build your farm.
Try this simple PowerShell script instead to create a clean farm with Central Administration deployed and SQL Server databases without a GUID in their names (replace the placeholder values with those of your environment).
Run this script within the SharePoint Management Shell with administrative permissions.

# Service accounts
$DOMAIN = "yourdomain"
$accounts = @{}
$accounts.Add("Farm", @{"username" = ($DOMAIN + "\yourfarmaccount"); "password" = "yourfarmaccountpassword"})

Foreach ($account in $accounts.keys) {
    $accounts.$account.Add(`
    "Credential", `
    (New-Object System.Management.Automation.PsCredential $accounts.$account.username, `
    (ConvertTo-SecureString -String $accounts.$account.password -AsPlainText -Force)))
}

# Farm configuration

$config_Passphrase = "yourpassphrase"
$s_config_Passphrase = (ConvertTo-SecureString -String $config_passphrase -AsPlainText -force)

$server_DB = "SQLSERVERALIAS"
$db_Config = "SP2013_ConfigDb"
$db_CentralAdmin = "SP2013_Content_CentralAdministration"

$ca_port = 2013
$ca_AuthProvider = "NTLM"

########################################
# Create the farm

Add-PSSnapin Microsoft.SharePoint.PowerShell

Write-Output "Creating the configuration database $db_Config"
New-SPConfigurationDatabase `
-DatabaseName $db_Config `
-DatabaseServer $server_DB `
-AdministrationContentDatabaseName $db_CentralAdmin `
-Passphrase  $s_config_Passphrase `
-FarmCredentials $accounts.farm.credential

# Check to make sure the farm exists and is running. if not, end the script
$farm = Get-SPFarm
if (!$farm -or $farm.Status -ne "Online") {
    Write-Output "Farm was not created or is not running"
    exit
}

Write-Output "Create the Central Administration site on port $ca_Port"
New-SPCentralAdministration `
-Port $ca_Port `
-WindowsAuthProvider $ca_AuthProvider


# Perform the config wizard tasks

Write-Output "Install Help Collections"
Install-SPHelpCollection -All

Write-Output "Initialize security"
Initialize-SPResourceSecurity

Write-Output "Install services"
Install-SPService

Write-Output "Register features"
Install-SPFeature -AllExistingFeatures

Write-Output "Install Application Content"
Install-SPApplicationContent
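
The script above keeps the farm account password and the farm passphrase as plain text in the file. As an added example (not part of the original script), the block below collects both interactively, validates the farm account against the domain, and fills the same $accounts and $s_config_Passphrase variables so the rest of the script runs unchanged; the domain and account names are the same placeholders.

```powershell
$DOMAIN = "yourdomain"   # placeholder, as in the script above

# Prompt for the farm account password; nothing is stored in the script file
$farmCred = Get-Credential -Credential "$DOMAIN\yourfarmaccount"

# Validate the credentials against the domain before the farm is built with them
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$domainContext = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $domainContext, $DOMAIN
$net = $farmCred.GetNetworkCredential()
if (-not $ctx.ValidateCredentials($net.UserName, $net.Password)) {
    throw "Farm account credentials were rejected by domain $DOMAIN"
}

# Helper for comparing two SecureString values
function ConvertFrom-SecureToPlain([System.Security.SecureString]$s) {
    (New-Object System.Management.Automation.PSCredential "x", $s).GetNetworkCredential().Password
}

# Ask for the farm passphrase twice so a typo does not end up in the farm
do {
    $p1 = Read-Host "Farm passphrase" -AsSecureString
    $p2 = Read-Host "Confirm farm passphrase" -AsSecureString
    $match = ($p1.Length -gt 0) -and
             ((ConvertFrom-SecureToPlain $p1) -ceq (ConvertFrom-SecureToPlain $p2))
    if (-not $match) { Write-Warning "Passphrases are empty or do not match, try again" }
} until ($match)

# Same shape as in the original script: $accounts.farm.credential and $s_config_Passphrase
$accounts = @{ "Farm" = @{ "username" = $farmCred.UserName; "Credential" = $farmCred } }
$s_config_Passphrase = $p1
```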

Thursday, June 12, 2014

Lesson Learned: Do Not Use Move-SPUser on a SharePoint Farm With Multiple Web Applications and Different Trusted Identity Providers!

Do not use Move-SPUser (or "stsadm -o migrateuser") on a SharePoint farm with multiple web applications mapped to different identity providers.
This is because this PowerShell command acts on all content databases.

For example, assume that you have a claims-based web application using NTLM, a second claims-based web application using ADFS as a trusted identity provider, and a third web application using NTLM.

If you perform a Move-SPUser for an NTLM user to the ADFS IdP, this will impact all web applications, even if the SPUser parameter you pass to the command was built from a specific web application / site collection.

If you want to migrate only one web application from NTLM to a different identity provider, what I suggest is to temporarily detach all the content databases you don't want to migrate.
Perform Move-SPUser and then reattach all the detached content databases.

Remember to check Policy for Web Application after user migration.
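
The detach, migrate, reattach procedure described above, written out as an added example that is not part of the original post. The URL and the two login strings are constructed placeholders, and the other web applications are unavailable while their databases are detached.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions, not from the post): adjust to your farm
$targetUrl = "https://fqdn.of.webapp.to.migrate"
$oldLogin  = "i:0#.w|yourdomain\someuser"    # current Windows claims login
$newLogin  = "i:05.t|idpname|someuser"       # login under the trusted IdP

$target   = Get-SPWebApplication $targetUrl
$detached = @()

# 1. Detach the content databases of every other web application.
#    Get-SPWebApplication leaves out Central Administration by default.
foreach ($wa in Get-SPWebApplication) {
    if ($wa.Id -eq $target.Id) { continue }
    foreach ($db in @($wa.ContentDatabases)) {
        # Remember what is needed to mount the database again
        $detached += New-Object PSObject -Property @{
            Name = $db.Name; Server = $db.Server; WebApp = $wa }
        Dismount-SPContentDatabase -Identity $db -Confirm:$false
        Write-Output "Detached $($db.Name) from $($wa.DisplayName)"
    }
}

try {
    # 2. Migrate the user while only the target's databases are attached
    $user = Get-SPUser -Identity $oldLogin -Web $targetUrl
    Move-SPUser -Identity $user -NewAlias $newLogin -IgnoreSID -Confirm:$false
}
finally {
    # 3. Reattach everything, even when the migration step failed
    foreach ($d in $detached) {
        Mount-SPContentDatabase -Name $d.Name -DatabaseServer $d.Server `
            -WebApplication $d.WebApp | Out-Null
        Write-Output "Reattached $($d.Name)"
    }
}

# 4. Review the web application policy after the migration, as the post recommends
(Get-SPWebApplication $targetUrl).Policies | Select-Object UserName, DisplayName
```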

How to Install ActiveDirectory Powershell Module on a Windows 2008R2 or 2012 member Server

If you want to install the ActiveDirectory PowerShell module on a member server, so that you can use ps1 scripts to manage users from machines other than the Active Directory server, you need to execute this simple PowerShell script.

Import-Module ServerManager
Add-WindowsFeature RSAT-AD-PowerShell

This adds the ActiveDirectory module, so you can then use, for example, the Get-ADUser command to look up a specific user in Active Directory.

Tuesday, March 25, 2014

JavaScript Function to manage AutoGrow in HTML TextArea

I've found this very simple and useful JavaScript function that you can use to make a textarea auto-grow based on user input.


Add this script to head of your page (no jquery is required - just simple javascript).


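<script type="text/javascript" language="javascript">
// Grow the textarea so that it has enough rows for its current content
function resizeTextArea(ta) {
  var cr = ta.value.split('\n');
  var b = 1;
  for (var x = 0; x < cr.length; x++) {
    // a line longer than the column count wraps onto extra rows
    if (cr[x].length >= ta.cols)
      b += Math.floor(cr[x].length / ta.cols);
  }
  b += cr.length;
  if (b > ta.rows) ta.rows = b;
}
</script>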


Then add the handler for onKeyUp event on your textarea in this way.


onkeyup="resizeTextArea(this);"

Tuesday, March 11, 2014

Some farm products and patches were not detected on this or other servers - SharePoint Patching

If you install a SharePoint patch on all servers in your farm and, after running the "SharePoint Configuration Wizard", you receive an error like this:


"Error: Some farm products and patches were not detected on this or other servers. If products or patches are missing locally, you must quit this program and install the required products and patches on this server before starting this wizard. If products or patches are missing on your servers, you must install the required products and patches on the specific servers, and you may then click the Refresh button to perform the status check again."


what you need to do is refresh the list of products and patches installed on the server.


To achieve this, execute this simple PowerShell command (from the SharePoint Management Shell):


Get-SPProduct -Local


Now you can click Refresh inside the Configuration Wizard and see that the error has disappeared.

Tuesday, February 18, 2014

HowTo Index Attachment of MSG Files in SharePoint (2010)

In order to index files attached to an .msg file uploaded to a SharePoint document library, you need to make a simple modification to your registry.


You need to add this registry entry to tell the crawler how to handle the .msg extension.


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0\Search\Setup\Filters\.msg]
"Extension"="msg"
"FileTypeBucket"=dword:00000001
"MimeTypes"="application/msoutlook"



Copy this into a .reg file and merge it into the crawler's registry.


Restart OSSearch and perform an IIS reset.
Also make sure that the .msg extension is included in the crawled extensions (this should be the default).


Then perform a Full Crawl.


Which attachment file types are indexed now depends on the iFilters installed on the SharePoint farm.

Tuesday, February 11, 2014

How to Disable throttling for specific List in SharePoint

If you need to disable SharePoint list view throttling for a specific list, you can do that using PowerShell with this simple script.

$web = Get-SPWeb "https://fqdn.of.my.website"
$list = $web.Lists["ListName"]

$list.EnableThrottling = $false
$list.Update()


Remember to read "Manage list and library with many items" to understand the best way to manage this kind of lists.

Friday, January 24, 2014

How to Create Usage Data Service Application SharePoint 2013 with Powershell

If you need to create the Usage Data Service Application in SharePoint (2010 and 2013), you will see that no UI is provided for that in Central Administration.

You can use this simple PowerShell script to create the Usage Data Service Application and the corresponding proxy.

# Get the usage service that the new application is created for
$serviceInstance = Get-SPUsageService
New-SPUsageApplication -Name "Usage Service Application" -DatabaseServer SQLSP2013 -DatabaseName "SP2013_UsageDB" -UsageService $serviceInstance
# Find the usage application proxy and provision it
$usa = Get-SPServiceApplicationProxy | where {$_.TypeName -like "Usage*"}
$usa.Provision()